Posts Tagged ‘pgp’

WTB Standardized Email Encryption. PST

February 15th, 2009

Today I received an email from an undisclosed relative who works for an undisclosed company. Suffice it to say that the relative works for a very large Australian company. In the footer of the email was the following message (identifiable information removed):

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender immediately.

This email has been scanned by the MessageLabs Email Security System for the presence of computer viruses.

Pretty much every company I’ve dealt with that I can think of has one of these retarded footers in their emails. Normally I just ignore them but today I’m grumpy so I’m going to complain about it.

To start with, the first sentence basically screams FOR THE LOVE OF GOD WE NEED STANDARDIZED EMAIL ENCRYPTION! Seriously. How long has it been since the introduction of S/MIME and PGP? Surely every modern email client supports encryption of some form or another, and surely if something were standardized all the products that didn’t would be fixed pretty quickly if they valued their customer base. Right? I mean, do you really think that a message saying “oh noes, if you got this on accident please delete it” is going to do anything if an unscrupulous individual receives a message that wasn’t intended for them? No. It’s just plain pointless.

Second, even if the contents of the email aren’t sensitive enough to warrant full-blown encryption, signing is surely something that should be encouraged given the amount of identity theft that is going on at the moment. Is the corporate world really so behind the times that they think a little message in the footer is good enough protection?

I’m sure some people will be protesting that email encryption is unnecessary and annoying, but think of it this way. If you were dealing with a law firm, your accountant, your bank, or some other corporation that has access to some of your very sensitive data (which I might add the company that the aforementioned relative works for does), wouldn’t you feel safer knowing that only you and the other party you’re dealing with could read your emails and that if they accidentally emailed the wrong person there would be no compromise of security? Heck, I think if you explained to people WHY they had to go through the process they would appreciate it and be more likely to want to deal with the company in the future because they know that the security of personal data is a priority.

Then of course we have the “this message has been scanned by X anti-virus product” footers. Has it not occurred to the makers of these products that a worm could just copy that message verbatim into any infected emails it sends out? Teaching people to think “oh there’s a totally unverifiable piece of text here that says the email is virus free so I’m sure it’s safe to trust” is stupid. Whilst I realize it’s free advertising, it’s also irresponsible. If the AV companies really cared about their customers they wouldn’t be teaching them such idiotic lessons. ALWAYS scan emails for malware, and even when emails are “clean” be wary of strangers bearing gifts because AV software is far far far from perfect.

Sigh, that’s my rant for the day.

Note: If you don’t understand the title of the post it’s because it’s using WoW jargon. ‘WTB’ = ‘Wanting to Buy’, ‘PST’ = ‘Please send tell’ or in other words ‘Please contact me for details’.
