Why Email Security Remains a Persistent Challenge Today


Many people are unaware that before emails arrive in your inbox, they are processed through a buffer aimed at detecting and blocking harmful content. Over the years, however, email providers—most notably Gmail—have transitioned to merely attaching “warning labels” to emails that contain dubious links or attachments. This method, which can be described as “dancing around the issue,” has not significantly mitigated risks. Alarmingly, emails are the source of 91% of all cyberattacks. So, what’s the reason behind this?





Let’s begin by examining the current severity of the situation.

In a previous Security Bite, I mentioned a study conducted by the web security startup SquareX that highlighted the lack of action taken by companies to combat malicious attachments and safeguard users.

The researchers experimented by attaching various malware samples to emails and sending them via Proton Mail to accounts on iCloud Mail, Gmail, Outlook, Yahoo! Mail, and AOL (part of Yahoo!). An email that was delivered successfully could expose the recipient to whatever malicious attachment it carried.

The following table summarizes the outcomes of sending 7 out of 100 malicious samples to the different email providers, showing whether the harmful attachment was successfully delivered. “If an email was undelivered, it indicates that malware was identified while the email was processed by the server,” states the SquareX study.

Table displaying which malware samples passed through each email provider’s filters successfully.
Image: SquareX

The Dilemma

Investing in comprehensive email security features appears to be the obvious way to protect users. However, Ian Thornton-Trump, CISO at the threat intelligence firm Cyjax, told Forbes, “this is similar to asking a free Wi-Fi provider in a Starbucks why they’re not blocking all cyber threats.” He elaborated that balancing free service with security is a tricky endeavor.

Thornton-Trump adds that implementing advanced email security can lead to problems with false positives, which may require technical support resources for resolution. Managing these issues across millions of free users could be commercially unviable.

Additionally, some argue that email providers are hesitant to make substantial investments that could strain their resources and impact their financial performance. While not explicitly aimed at preventing spam, iOS 18, iPadOS 18, and macOS 15 enhance email categorization and summary features through Apple Intelligence, facilitating better organization and enabling users to identify important messages more easily.

It will be interesting to see if Apple incorporates more AI-based security features into the Mail app. Leveraging Apple Intelligence to provide real-time warnings or to remove harmful attachments and URLs from emails could be a game-changer.

I’d love to hear your opinions on this matter. Please tell me you’re not still using AOL…

About Security Bite: Security Bite is a weekly column focused on security issues featured on DMN. Each week, Arin Waichulis shares insights on data privacy, reveals vulnerabilities, or highlights emerging threats within Apple’s extensive ecosystem of over 2 billion active devices to help keep you safe.
