Some 320 billion spam emails are sent every day, and 94% of malware is delivered via this medium. What if I were to tell you a surprisingly simple one-click email trick could stop them?
Over half of all global email traffic is spam, a statistic that is only surprising in as far as most people probably expected it to be more than that. To put that into some perspective, the latest analysis from Cisco Talos intelligence puts the average daily spam volume for April at 320 billion.
Spam is always annoying, sometimes amusing and often dangerous. According to Google, its Gmail service blocks more than 100 million phishing emails every single day, 18 million of them related to COVID-19 in some way. With as much as 94% of malware being delivered by email, and one in every 3,000 email messages containing malware payloads, spam remains a very real problem in 2020.
But what if I were to tell you a surprisingly simple email trick could stop that spam with just one click?
A brief history of spam
The history of spam is a long and dishonorable one. I’ll skip the email advertisement sent to a couple of hundred users of the Advanced Research Projects Agency Network (ARPANET), a technical precursor to the internet as we know it, back in 1978. Instead, I had to wait until April 1994 before receiving my first spam message: sent to USENET groups rather than by email, advertising a green card lottery service by two lawyers, Canter and Siegel.
It was this simple advertising message that formed the foundation of what became the junk email phenomenon. That danger was demonstrated almost precisely 20 years ago to the day when the ILOVEYOU worm was distributed by email and infected millions of Windows computers. Across the two decades that have followed, spam has remained the primary vehicle for delivering malware as well as being an ever-present irritant.
How do you deal with a problem like spam?
Twenty years ago, spam blacklists were the most commonly used anti-spam technique: and oh boy did they suck. Filtering spam by the IPs of known bad senders only works if those IPs are not only known but accurate. Seeing as many spammers used the same internet service providers as everyone else, false positives were the order of the day and most of us turned such filtering firmly off soon enough.
Dedicated spam filtering solutions using a combination of sender reputation scoring and keywords soon emerged and proved more effective. They did, however, require a period of training whereby the recipient would have to categorize email as being spam or not manually.
Thankfully, email applications now come with anti-spam measures built-in, and the likes of Gmail, for example, reckon the machine learning algorithms that power the spam filtering for 1.5 billion Google email users are 99.9% accurate. That still leaves way too many actual spam messages getting through when you do the math, and it’s dealing with these that is proving difficult. A new one-click email trick that is currently being tested by Mozilla could provide the solution for 250 million Firefox users.
Mozilla’s one-click killer email trick to deal with spam
Going by the name of Private Relay, Mozilla is currently testing a new add-on for Firefox users that could put an end to unwanted emails using a single click. The idea behind the new add-in is undoubtedly not new. Still, Mozilla is making it so easy to use that it could revolutionize the way we deal with unwanted, annoying and potentially dangerous emails.
That idea is email aliases, where you create different email addresses for services and sites that you sign up to while keeping your “real” email to yourself. Gmail users, for example, might sign up with email@example.com instead of firstname.lastname@example.org as a ‘dot’ before the @ symbol doesn’t change where the email ends up, but does help to identify where spam is coming from. But that’s not as easy to manage as the Firefox solution.
By simply clicking on a “relay” button next to the email fields, once installed, the add-on will allow an alias to be created on-demand. All emails sent to that new address will automatically be forwarded to your actual address. Mozilla describes the Private Relay Firefox add-on as being able to generate “unique, random, anonymous email addresses that forward to your real address,” and when done with you can “disable or destroy the email address.”
This user interface is what makes Private Relay so simple, and so powerful: removing the alias means that no further emails will be received, all spam will be terminated from that sender and any others they might have shared your address with.
If a service you are using suffers a data breach and logins appear on the dark web, a would-be attacker wouldn’t have your email address for use in executing a credential stuffing attack. “We all make many online accounts, but most of them are linked to 1 or 2 of our email addresses,” Mozilla said, “this means if just one account is hacked or tracked, every other account and its associated data is now also at risk.”
So, what’s the catch?
Ah, yes, the catch. There’s always a catch. In the case of Mozilla’s Private Relay, it’s merely that it is still in testing mode at the moment, an invite-only alpha testing mode. That will change in due course, and by keeping an eye on the Private Relay pages you will be able to sign up to the waiting list and join in “soon,” according to Mozilla.
You might also think for old-timers like me who have had the same very public email address for more than 20 years, then maybe it’s a little late to start using aliases, but think again. It’s never too late to start dealing more effectively with the problem of spam. I’ll be front and center of the queue to test this one when the testing expands.
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.