The great thing about email is that it’s accessible to pretty much anyone. The downside is that emails are also great for phishing attacks, to spread malware and spam, and more in general to steal your data.
Sure you can protect yourself with the best email protection tools on the market, but there’s a lot you can (and should!) actively do to improve your email security.
One further step is to use a secure, encrypted email app, but there are also things you must know in order to spot potential threats and avoid them.
In this interview we have Hetal Pandya, Co-Founder & VP Marketing of Edison Mail, one of the most popular email apps worldwide, who will give us a checklist of the best email security practices, and insights on their email app’s security features.
Please describe the story behind Edison Mail: How did it all start, and how has it evolved so far?
Using email when it first came out felt innovative, efficient, and more than anything — smart. Over time, the speed and magic of mail gave way to complex features and constant attempts to reinvent the way mail works. Today, email has scaled beyond its original design, and we’ve all experienced the systemic problems of using it, day in and day out. Our mobile lifestyles are burdened by email fatigue from an overflowing inbox, the epidemic of spam and phishing scam emails, and the need to manage multiple email accounts from different providers. In fact, Edison Mail’s 2022 State of Communication study reveals more than half of Americans are suffering from email overload, and almost 70% say that notifications and messages interfere with their productivity.
Edison Mail set out to build an app worthy of the importance that mail holds in our lives, and to make it intelligent. We invested all of our time and incredible resources to create the best mail app for mobile devices. To make the way we all communicate faster, smarter and easier. So people can save time and get more done.
Our Engineering team invested more than a year of time, resources and talent to develop Edison Mail. They dedicated themselves to the study of email’s technical industry standards (for example, IMAP protocol) to obtain a thorough understanding of the areas needing improvement. Their learnings paved the way for their development of an advanced proprietary mail algorithm and detailed engineering architecture that would allow the Email app to deliver a faster and smarter email experience.
Edison Mail was built from the ground up to deliver unparalleled speed, so up-to-the-moment emails pop up extremely fast. The app delivers a clean and intuitive interface to keep things simple and let you manage all of your accounts in one place. One of the exclusive, hallmark features of Edison Mail that no other email app can match is its proprietary machine learning-based “Sift” technology that provides important travel, package, and receipt details you need in a seamless inbox experience. As your own personal email concierge, a menu of smart cards offering meticulous and organized specifications of travel, packages, bills and receipts, and entertainment plans are accessible at a glance.
Edison Mail’s flagship ability to one-tap unsubscribe from newsletters you’ve lost interest in and manage all of your email subscriptions in a single scrollable view has been lauded around the globe. In your subscriptions smart card menu, you can search all of the newsletters you’ve unsubscribed from previously and resubscribe with a simple tap at any time. The app’s intelligent Assistant Widget also offers a carousel of suggested unsubscribes for you to review at your convenience, proactively making inbox clean up simpler.
Since launching in 2016, Edison Mail has blocked over 1 billion spy pixels and parsed over 2 billion emails worldwide across its smart card “Sifts” to deliver on its promise of a more organized inbox. The app has been recommended by technology luminaries including Walt Mossberg, Melinda French Gates, and Jocelyn Glei, author of Unsubscribe: How to Kill Email Anxiety, Avoid Distractions, and Get Real Work Done. Edison Mail has developed a strong brand and reputation, been praised and featured for its high performance in hundreds of top tier national press.
Edison Mail is available for iOS, Android and Mac. The app has amassed an impressive and loyal community due to its unique technology, its sterling product and its competitive advantages. The app has been recognized and honored for its AI-driven and dead simple performance across numerous industry awards, including winning placement and honors from the Inc. 5000 Fastest Growing Company Awards, Deloitte 500 Awards, The Webby Awards, The Shorty Awards, The American Business Awards Annual STEVIE’s, and The Silicon Valley Business Awards.
Can you briefly explain why email security is important?
Safety is a fundamental human need for all of us. In the real world, whether you’re walking to the store or handing over your credit card details to buy something, there is nothing more important than your feeling of personal safety.
This is just as true in our digital life. Somewhere along the way email, the place we spend most of our time when we are online, became a place that no longer feels safe. The invention of read receipts (aka spy pixels) and wide scale phishing attempts exploited dangerous holes in the infrastructure of large corporations that we regularly engage with. Spammers found loopholes in legislation to trick people into clicking fake unsubscribe links.
Other big tech ad-based email services rely on your email address as a unique identifier across their free products to trace you and your internet behaviors to target you even better for advertisements.
With so many pervasive email threats, you eventually accepted them as becoming a new “norm” of your email experience. We have all sadly learned to accept that the inbox is no longer a safe place. It is a place in which you hesitate before opening a message, a place where you second guess every link you click, and finally, a place you can no longer actually trust. Every email from a sender is approached with caution.
These problems are tough to solve. They require lengthy research and development cycles to bring safety back to your inbox.
How safe are emails nowadays?
The number of email phishing and scams are staggering. According to Verizon, 30% of phishing messages get opened by targeted consumers. In 2018, the FBI reported that Business Email Compromise (BEC) scams attempting to conduct unauthorized wire transfers over email accounted for $12 billion in losses. Since then, in 2019, 76% of businesses reported being a victim of a phishing attack. Additionally, as much as 60% of Americans say they or a family member have been victims of a security scam or breach, and 15% of people successfully phished will be targeted at least one more time within the year. Phishing attempts grew 65% in 2019 and accounted for 90% of data breaches, while around 1.5 million new phishing sites are created each month.
Email service providers and enterprise software developers haven’t been able to solve the problem of the email phishing epidemic. Today’s world faces an alarming new reality of having to regularly determine whether emails from their family, friends, boss or customer are legitimate. Today’s email technology should empower every person by equipping them to easily verify the authenticity of messages they receive. This is why our Edison Mail+ subscription offers stringent protocols to verify email authenticity via SPF, DMARC and even domain level validation.
The COVID-19 pandemic only furthered the email phishing epidemic. Hackers made headlines throughout 2020 for using malware and fraudulent emails to trick health organizations into sharing vaccine research and information about medical supply chains. Scammers sent fake emails from real domains to solicit monetary donations for the COVID-19 cause, and some organizations have spent millions of dollars from fake emails on medical supplies that didn’t exist.
What features have you implemented to ensure data protection?
Our services are protected by one of the world’s most advanced security infrastructures. Information in our care is safeguarded by multiple layers of security, including AES 256 encryption.
You can protect your inbox from anyone outside who may have access to your device by toggling on Apple’s Face ID protection in Edison Mail for iOS. The functionality is a natural complement to Edison Mail’s built-in anti-tracking technology offering automatic default blocking of spy pixels (aka read receipts) that enter your inbox from the inside, so you have 360 degree privacy coverage and peace of mind.
In 2020, Edison introduced Edison Mail+, a brand new AI-based email security subscription plan offering unique technology engineered to solve the $12 Billion email scam epidemic preying on consumers worldwide. The plan offers anti-phishing and security enhancing features that can be layered on top of the existing Edison Mail app, including Verify Sender, Spam Blocker, Inbox Caller ID, and Validate Contacts. Edison Mail+ is available on the App Store and Play Store for $14.99 per month, or $99.99 per year.
Edison Mail+ offers email phishing scam detection on your mobile device and inbox—something very few other security providers can say they offer. The subscription puts a critical extra layer of deep-scan protection to detect, warn, and verify potential email attacks as soon as they enter the mailbox. Receive a warning before falling victim to costly phishing, identity spoofing, and malware efforts.
Verify Sender, the vanguard feature of Edison Mail+, is a powerful AI-based technical protocol that conducts a handshake between sender/receiver across inbound mail. If a sender’s email server doesn’t respond as “authentic” mail should, a suspicious email warning to the user is triggered. Verify Sender then applies a four-level deep investigation of new emails in real-time as they enter the inbox to assess for potential threats or scams.
The first layer of investigation is SPF & DMARC validation. Edison Mail+ checks how trustworthy the origin of an email is based on whether it is a permitted sender by the domain owner or not. While some email service providers offer Authenticated Logo functionality based on an open standard called BIMI, which requires email senders to implement DMARC configuration and host their brand image at a certain URL– only 2% of email senders, and less than 100 of the Fortune 500, have a valid DMARC configuration and the adoption rate is extremely low (2% in 10 years). Meanwhile, hackers can still impersonate most of the businesses and organizations that do not have DMARC, and authenticated logos are not effective against those types of spoof-email phishing attacks.
With 98% of email senders not configuring their domains securely via DMARC, they require additional anti-phishing protection for effective security. Verify Sender is unique and set apart from anti-phishing technology offered by existing email service providers because it offers three layers of security to cover the 98% of senders that do not have DMARC configured.
First, the app detects and alerts you in real-time if emails are sent from invalid disposable domains that frequently pass through your email service provider undetected. (Edison Mail sends an anonymous TCP connection to the sender’s domain and a probe command to check if the domain can receive email.) Then, it detects name spoofing based on your previous communication history (Edison Mail’s built-in AI can recognize and differentiate between who normally contacts you or not). Finally, it scans 70+ spam databases in real-time that may have registered and flagged the email sender as a spam or scam associated address.
Additionally, all of the AI-based deep-scanning takes place on the mobile handset directly, so no information leaves your device, and the functionality is built securely into your inbox to protect you from scams.
Edison Mail+ also protects people from the rising tide of robocalls and automates the task of updating phone’s contact details. You are alerted when your address book no longer matches the contact details found in the signatures of the people you regularly contact via email. You are alerted when you receive calls from an email contact, creating an email-based “caller ID” system. Additionally, you are protected from dangerous spam calls by the unique ability to block all calls and texts from a previously blocked email contact.
Can you also suggest any other good practices to help improve email security?
Both Staysafeonline.org and The FBI offer great tips on their websites on how to avoid cyber crime, and are worth checking out. HaveIBeenPwned is a great resource to find out if your data has been compromised in any recent data breaches. To avoid getting a virus, make sure to only download attachments from official senders you know and never open links from suspicious sources.
Finally, stay in the know about any recent email phishing scams in the news so you know what to look out for–they change monthly and seasonally with different tactics. We previously rounded up some of the top email phishing scams in 2020 you can reference on our blog.
What cybersecurity trends do you think will be crucial in the near future?
Expect your standard practice of juggling account passwords across the internet to move behind the scenes. Soon, businesses will replace passwords with alternatives such as biometrics, PINs and multifactor authentication and turn to third-party password managers and automated security solutions to own user authentication, ending the painful process of creating new, complex passwords for all of us.
And what about your future? What is next for Edison Mail?
The team at Edison is on a mission to help consumers overcome the fatigue they feel from the time they spend everyday in email. We want to deliver a higher standard of the productivity and communication experience that so many of us have wished for in email. That’s why we have set out to provide the world with a viable and competitive email service offering another, modernized, choice. We believe our new OnMail email service is the best solution to your biggest problems in email, not just from a usability and performance perspective, but also from a privacy perspective. We rejected an ad-backed business model because of its insidious nature. Instead, we’re working to educate consumers about why certain types of ad-based free products are not in their best interest and how our paid plans combined with our optional research-backed business model are better long term solutions.