[Cryptography] Well Known Bad Idea: ask users to make security decisions, or If you *work* for Apple, please update your email software
Henry Baker
hbaker1 at pipeline.com
Tue Oct 7 11:11:41 EDT 2025
-----Original Message-----
From: John Levine <johnl at iecc.com>
Sent: Oct 6, 2025 8:38 PM
To: <cryptography at metzdowd.com>
Cc: <iang at iang.org>
Subject: Re: [Cryptography] Well Known Bad Idea: ask users to make security decisions, or If you *work* for Apple, please update your email software
It appears that iang via cryptography said:
>And sadly, it turned out that email was practically impossible to secure, in large part because everyone's entitled to it, there is
>no cost, and the momentum of unsecured users was too hard to fight against.
The reason we still put up with email is that it's the only service that is
fully federated, doesn't require introductions, and is asynchronous. For decades
people have been saying mail is obviously not fit for purpose and will be
replaced by X, with the X changing every few years. We're still using mail
because none of the X do the things that mail has been doing for 40 years.
By the way, another WKBI is that if all mail were authenticated (what I'm
guessing is the opposite of what you're calling unsecured) the problems would go
away. These days pretty much all mail is authenticated by DKIM which puts a hard
to forge domain identity on each message, and it's helped some but not that
much. I think it mostly proves that any walled garden large enough to be
interesting is large enough to contain people you don't want to hear from.
For me, the majority of spam that makes it into my inbox is from fully
authenticated users at Gmail, Outlook, or iCloud.
A related WKBI is introduction, only accept mail from a list of known good
senders, and don't put bad senders on your list. Except that introductions don't
scale. It's not hard to imagine a scheme where when you buy something from a
vendor or subscribe to a mailing list, the two parties securely tell each
other the identities they'll be using to send mail to each other so they can add
them to the introduction list. But nobody does that outside of walled gardens
like WhatsApp. Managing identities at scale is really hard.
R's,
John
PS: I am not saying give up and don't try to make mail better, but I am saying
that there are a whole lot of WKBIs that we know have failed before and it's
unlikely that doing them again will be any different.
---
I keep getting emails from banks telling me to double check the sender of
any emails to make sure that they aren't spoofed (although they don't use
that technical term!).
But Apple makes it very difficult to do exactly that, so perhaps these banks
should put the pressure on Apple instead of bothering their customers.
As I keep saying, Apple is missing in action in the fight against fraudsters
and spammers.
Some more cynical than I might think that Apple, as a purveyor of a walled
garden, has an incentive to scare the pants off its customers in order to
keep them locked inside their walled garden -- even to the extent of making
their communications with those outside this garden vulnerable to 5th
graders.
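
Added example, not part of the original thread: a sketch of what "double check the sender" involves mechanically, and of the point above that a message can be fully DKIM-authenticated and still not come from who the display name says. The sample message, the domain names, the function names and the receiver's authserv-id (`mx.example.net`) are all constructed placeholders, and the alignment test is an approximation.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (all names are placeholders): DKIM passes for a
# freemail domain while the display name claims to be a bank.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=freemail.example header.s=s1;
 spf=pass smtp.mailfrom=freemail.example
From: "Example Bank Security" <alerts4821@freemail.example>
To: customer@example.org
Subject: Verify your account

body
"""

def dkim_pass_domains(msg, authserv_id):
    """d= domains with dkim=pass, taken only from Authentication-Results
    headers stamped by our own receiver (authserv_id); others may be forged."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        clauses = [" ".join(c.split()) for c in value.split(";")]
        if clauses[0].lower() != authserv_id.lower():
            continue
        for clause in clauses[1:]:
            if re.match(r"dkim=pass\b", clause, re.I):
                m = re.search(r"\bheader\.d=(\S+)", clause, re.I)
                if m:
                    domains.add(m.group(1).lower())
    return domains

def same_or_sub(domain, parent):
    # Approximation of relaxed alignment; real DMARC uses the Public Suffix List.
    return domain == parent or domain.endswith("." + parent)

def check_sender(raw, expected_domain, authserv_id):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    signed = dkim_pass_domains(msg, authserv_id)
    return {
        "display_name": display,
        "from_domain": from_domain,
        "dkim_authenticated": any(same_or_sub(from_domain, d) for d in signed),
        "matches_expected": same_or_sub(from_domain, expected_domain),
    }

if __name__ == "__main__":
    print(check_sender(SAMPLE, "bank.example", "mx.example.net"))
```

For the sample, the result shows an authenticated sender whose domain is not the one the display name suggests, which is the distinction a mail client would have to surface for the user's check to mean anything.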