why there is nothing like a “verified checkmark” for E-Mails of real companies like PayPal to distinguish their E-Mails from scams


69 Answers

Anonymous 0 Comments

This is a really complex question.

The short answer is there kinda is but also isn’t. Email was designed so that people could just send it without having to verify who they are. Some technologies have been implemented to prevent people from sending illegitimate emails using a legitimate domain, but that only stopped one type of spam. Now people just send illegitimate emails from an illegitimate domain that looks like a legitimate domain.

Part of the problem is the decentralized nature of email. Twitter can “verify” people because they own the entire platform. But since email is decentralized, how does Gmail verify that the email coming from your mom on ProtonMail is actually your mom? They can’t. There would need to be a backend identity system that all email servers use which authenticates people. Of course this would never work because you’d have people (and companies) like ProtonMail whose whole shtick is privacy. Do you think ProtonMail is going to enter all its users into a centralized database?

Each mail server would need to verify that the person who says they’re legit actually is legit. Without a backend how do they do that?

The second problem is that even in situations where there is an authentication mechanism (corporate email for example) people generally don’t understand it. I do cybersecurity in my full-time job and I’ll occasionally ask users to explain what the certificate icon on the emails means (and sometimes I’ll ask them to explain how they can tell the email came from their coworker). Most of them have no idea (even though we have yearly training on it).

But the real simple answer is that it’s simply not worth it to try and solve all these problems. It’s much easier for email providers to just do what they already do (spam filtering) than it is to try and handle identity management. A few people get hit with spam emails and then the AI figures it out and starts blocking that spam campaign. Sure it’s bad for those few but the email provider isn’t liable for any money that users lose from spam so the few are a necessary casualty.
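
Added example, not part of the answer above: a receiver-side check for the second case the answer describes, a sender domain that is not the brand's domain but is made to look like it. The protected-domain list, the small look-alike character map and the sample addresses are constructed for illustration, and the sender domain is assumed to be already decoded to Unicode.

```python
import unicodedata

# Constructed list of brand domains to protect (assumption for this example).
PROTECTED = {"paypal.com"}

# Small constructed map of look-alike characters; a real deployment would use
# the full Unicode confusables data instead.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                            "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p"})

def skeleton(domain):
    """Fold a domain to a canonical form so visually similar names compare equal."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    return d.translate(CONFUSABLE).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(sender):
    """Return 'exact', 'lookalike' or 'unrelated' for a From address."""
    domain = sender.rsplit("@", 1)[-1].lower().rstrip(".")
    # The brand's own domain or a subdomain of it.
    if any(domain == b or domain.endswith("." + b) for b in PROTECTED):
        return "exact"
    skel = skeleton(domain)
    labels = skel.replace("-", ".").split(".")
    for brand in PROTECTED:
        target = skeleton(brand)
        # Same skeleton or one typo away (paypa1.com, paypall.com) ...
        if edit_distance(skel, target) <= 1:
            return "lookalike"
        # ... or the brand name used as a label of someone else's domain.
        if target.split(".")[0] in labels:
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample senders.
    for s in ["service@paypal.com", "service@paypa1.com",
              "service@paypal-support.example", "alice@example.org"]:
        print(s, "->", classify(s))
```

An "exact" result only says the address names the brand's domain; whether the message really came from that domain is the separate domain-authentication check done by the receiving server.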
