The Pentagon has a better way to stop users from clicking on phishing email – neuter the emails.
Below is an example of what the email that you send to someone in the DoD might look like before it enters the DoD email system and when the user sees it.
Needless to say, from the user’s standpoint, the resultant email is basically trash.
In part, how bad things are will depend on how much of the HTML in email they disable. If they disable all of it, for DoD users, email goes back to the way it was in 1980. If you send anything other than a text email with no linked graphics and no formatting, the user will not be able to read it.
If you send an email that links to content out on the ‘net, which a lot of corporate email does (like the example above), the user will likely just delete it.
If the graphics are embedded in the email (which is the way it was in the early 2000s until that resulted in emails that were so large that email servers could not deal with them), then the DoD mail scrubbing software will be able to analyze the embedded graphics for harmful content and probably your email will emerge mostly unscathed.
What this means for people who send email to DoD mailboxes is that they are going to need to be conscious of how that email is constructed and what their DoD user is going to see.
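A sender-side check for the point above, added here as an example and not taken from the original post or from any DoD tooling: it parses an outgoing message and reports what remains if the recipient's gateway disables all HTML (the worst case described above, assumed here). The names `HtmlAudit`, `audit`, `sample_linked` and `sample_embedded` are hypothetical, and both sample messages are constructed.

```python
from email.message import EmailMessage
from html.parser import HTMLParser

class HtmlAudit(HTMLParser):
    """Collect visible text, image sources and link targets from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.remote, self.cids, self.links = [], [], [], []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = (attrs.get("src") or "").strip()
        if tag == "img" and src.lower().startswith("cid:"):
            self.cids.append(src[4:])   # embedded: travels inside the message
        elif tag == "img" and src:
            self.remote.append(src)     # linked: fetched from the net on render
        elif tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
    def handle_data(self, data):
        if data.strip():
            self.text.append(data.strip())

def audit(msg: EmailMessage) -> dict:
    """What survives if the recipient's gateway disables all HTML (assumed)."""
    plain = msg.get_body(preferencelist=("plain",))
    html = msg.get_body(preferencelist=("html",))
    p = HtmlAudit()
    if html is not None:
        p.feed(html.get_content())
    attached = {part["Content-ID"].strip("<>") for part in msg.walk()
                if part.get_content_maintype() == "image" and part["Content-ID"]}
    view = plain.get_content().strip() if plain is not None else " ".join(p.text)
    return {"has_plain_part": plain is not None, "text_only_view": view,
            "remote_images": p.remote, "links": p.links,
            "embedded_images": [c for c in p.cids if c in attached]}

def sample_linked() -> EmailMessage:
    """Constructed HTML-only newsletter whose graphic is linked, not embedded."""
    m = EmailMessage()
    m.set_content('<a href="https://example.com/sale"><img src="https://example.com/'
                  'banner.png"></a><p>Click the banner</p>', subtype="html")
    return m

def sample_embedded() -> EmailMessage:
    """Constructed message: plain-text alternative plus one cid: embedded image."""
    m = EmailMessage()
    m.set_content("Agenda: 1) budget 2) schedule")
    m.add_alternative('<p>Agenda</p><img src="cid:logo1">', subtype="html")
    m.get_body(preferencelist=("html",)).add_related(
        b"constructed-bytes", maintype="image", subtype="png", cid="<logo1>")
    return m
```

To check a real message, load a saved `.eml` file with `email.message_from_binary_file(f, policy=email.policy.default)` and pass the result to `audit`; an empty or near-empty `text_only_view` means the recipient is left with nothing readable.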
Certainly for any form of advertising email, product email, blog, etc., businesses are probably going to need to rethink their strategies and come up with a different format of email for those millions of DoD users.
Of course, there is another option that DoD users have been using for years and that is GMail. I have lost count of the number of DoD people who have told me over the years to send my emails to them at their GMail accounts because DoD emails are unreadable.
Of course, all that does is move the entry point for the malware from Outlook to the browser. That’s sure a lot safer – NOT!
*IF* DoD blocks GMail and other webmail solutions, that would make things very difficult for DoD users – but that likely is going to be required. If the DoD user can’t click on a phishing link in their Outlook mail but can click on that link in their GMail, how have we helped things?
IF corporations start neutering emails, that will make marketers very unhappy. They have spent a lot of time and money attempting to make email pretty, and if you force them to go back to 1980 email in order to get something that a corporate user can even read – that will be a problem. The good news is that this is very unlikely to happen except at the most security-sensitive companies – maybe a fraction of one percent or less.
Still, it could get interesting. And at least for the millions of DoD users, it is going to happen.
Information for this post came from Federal Computer Weekly (FCW).