Mailslot Success Story
Preventing Phishing Attacks with Digital Signatures
Client Overview
-
In January 2022, Wes Kussmaul, CEO of The Authenticity Institute USA, approached Codegic
-
Unique challenge: to develop an MVP called MailSlot aimed at combating phishing attacks using Osmio-backed digital identities and personal identity scores (IDQA)
-
The project entailed leveraging concepts such as S/MIME, digital certificate validation, OCSP, and API integration.
Challenge
Phishing attacks, particularly Business Email Compromise (BEC), pose a significant threat to organizations worldwide. Despite the implementation of spam filters and digitally signed emails, phishing attacks continue to succeed due to sophisticated spoofing techniques and user vulnerabilities. The challenge was to develop a solution that could effectively authenticate email senders and prevent phishing attacks by ensuring the integrity and authenticity of incoming emails.
Solution
Codegic collaborated with The Authenticity Institute to develop MailSlot, a groundbreaking solution designed to prevent phishing attacks using digital signatures:
-
Thunderbird Add-On Development: After thorough research and development, Codegic discovered that an Outlook add-on could be built to empower users to trust or reject incoming emails based on their authenticity. Leveraging their expertise in PKI and digital signatures, Codegic developed a Thunderbird add-on that seamlessly integrated with the email client, providing users with the ability to verify the authenticity of incoming emails.
-
Phishing Prevention Mechanism: MailSlot employs a multi-layered approach to prevent phishing attacks. Incoming emails are digitally signed, and MailSlot verifies the sender’s certificate against the Osmio Certification Authority. Additionally, MailSlot checks for certificate expiration and revocation status to ensure the integrity of the sender’s identity. The solution also evaluates the sender’s IDQA score, ensuring that emails are only trusted if they meet the predefined IDQA threshold set by the enterprise.
-
Outlook Desktop Integration: Recognizing the need to cover a broader user base, Codegic initiated the development of an Outlook Desktop-based solution to complement the Thunderbird add-on. This solution, built on the powerful capabilities of Outlook Desktop, extends the phishing prevention mechanism to Outlook users, further enhancing email security across different platforms.
Results
MailSlot revolutionized the approach to phishing prevention, delivering benefits to organizations:
-
Effective Phishing Prevention: By leveraging digital signatures and IDQA scores, MailSlot effectively blocks phishing emails, ensuring that only trusted emails reach users’ inboxes. The multi-layered approach provides robust protection against spoofing and impersonation attacks.
-
User-Friendly Solution: MailSlot integrates seamlessly with Thunderbird and Outlook Desktop, offering users a user-friendly interface to verify the authenticity of incoming emails. The solution empowers users to make informed decisions about the emails they receive, enhancing overall email security.
-
Continuous Improvement: Codegic continues to enhance MailSlot’s functionality, with planned enhancements including automatic replies to untrusted emails, email sender sanitization, and comprehensive statistics. The agile development approach ensures that MailSlot remains at the forefront of phishing prevention technology.
Conclusion
MailSlot represents a significant advancement in phishing prevention technology, leveraging digital signatures and IDQA scores to authenticate email senders and block phishing attacks effectively. With a user-friendly interface and continuous improvement initiatives, MailSlot is poised to become a cornerstone in organizations' cybersecurity strategies, offering robust protection against evolving phishing threats. Contact us today to learn how MailSlot can prevent phishing attacks for your organization.
“Codegic worked with us to develop our MVP (MailSlot) to combat phishing attacks for Thunderbird & Outlook. They helped us design the solution exactly as we envisioned and on time. They have continued to provide follow-on technical support as needed. They are a very creative group, and we plan to work with them on our future security projects.”
John, CEO, MailSlot