Security

How the blockchain can help track important messages and prevent email fraud

Florian Bersier, CEO of email solution provider Gmelius talked with TechRepublic about how the blockchain can be used to prove the authenticity of communications and transactions done via email.

Emails provide important records of communications and transactions. Florian Bersier, CEO of email solution provider Gmelius talked with TechRepublic's Dan Patterson about how blockchain technology can be incorporated to prove who sent an email, and when they sent it.

Watch the video above, or read the full transcript:

Patterson: How often do you consider the integrity of your email account? Not just the email archive, but your contacts, your outbound email.

Florian, thank you very much for joining us today. I wonder if we could start by defining our terms. What exactly is email stamping?

Bersier: We call email stamping the fact to take the edge of the whole email, so build the email, once you have the email, we're going to inject it into the blockchain, hence the action of stamping is really the action of inserting the whole email in an encrypted way inside the blockchain. Like you will prove that you have done something, you're going to prove that you have injected the email inside the blockchain.

SEE: Blockchain: An insider's guide (free PDF) (TechRepublic)

Patterson: So, this... confirms the authenticity of the email sender and receiver. Can you tell us about how the technology works?

Bersier: Yeah, so the basic idea was, more and more, we see emails presented in courts, because people want to prove that they sent a specific message to someone, to a company. The problem with email, is that it is old technology ... that is almost 50-years-old, that has never been designed to prove that you have sent something, or that you have sent a specific message to someone.

So, we are basically using the blockchain to really offer a new way, and a cost-effective way, of proving that you indeed sent the message to someone, that the content of this email was a specific one, and the real big advantage for customers is that they know that at anytime they will be able to prove, in a robust way, that they send a specific email.

So, basically, when the email is sent, we are going to attach the headers, the body, the attachments of the message, to encrypt it with a specific algorithm, which will give us a kind of hash, and we're gonna inject this hash into the Ethereum blockchain. And, when it's done, we send back a receipt to our customers, with all of the stages of a transaction, making possible for them to retrieve the email, and the specific transaction in the blockchain.

Patterson: How does your technology differ from other solutions that exist in the marketplace, particularly PGP, signatures. Do you integrate on top of preexisting encryption standards? Or is this in addition to, alongside with, those standards?

Bersier: So, Gmelius really integrates into existing email clients, such as Gmail or Google Suite, for instance. So user login-in style or solution, and they will just see a new function is directly inside the inbox they know. Now they can use any other solution and we are really different from PGP in we don't offer an encryption. What we offer is really a way for customers to prove that they have sent something. So, it's really a different mechanism and a different perspective. But, yes, they are basically going to use a solution inside their current inbox and the possibility to stamp the emails with Gmelius. So, they can use a PGP solution sites, it won't change anything for us.

Patterson: It's a very interesting solution, to a problem that more and more companies have. Can you give us an example of a company that might use the blockchain to authenticate the integrity of their email, and the types of attacks that are occurring at companies, whether they're SMBs, startups, or enterprise?

Bersier: So, the current customer, we have today using, for instance, would be loan firms, financial institutions, or insurances. And they're going to use a solution especially email stamping when they send emails to their clients, or to institutions or to companies. Basically you're not going to use the stamping for every message you send. For example, if I sent an email to my mom or my dad, there's no need for that. But, if you know there are specific emails, that may be sensitive, that we'll have some really significant content, such as contracts or codes, it makes sense to cover (your) back, and to use email stamping in these situations. Currently it's mainly loan firms, financial institutions, and insurances.

SEE: Incident response policy (Tech Pro Research)

Patterson: I wonder if you could give the forecast for the next 18- to 36-months in cyberthreats (that target emails) and how companies can mitigate these types of threats.

Bersier: So, I think that first thing, is that we need to focus on the human being, beyond the computer. So, really to have some coaching for your employees. Then, we live in a world where all the architecture is centralized with internet, the web. It's centralized.

So, you have one server, and if someone has access to these servers, you have potentially access to all the databases. Now with the increasing tools that we see in the blockchain and the new blockchain protocols that are currently being developed such as Site Share, Ethereum as well, ... you can mitigate those challenges by re-adopting blockchain architectures, for that as well. The idea being that if you can really duplicate and synchronize your databases all with really, really a large number of nodes, you will be able to really protect the, in a better way...the data that you store on your servers.

Also see

istock-664868402.jpg
Image: iStock/monsitj

About Dan Patterson

Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.

Editor's Picks

Free Newsletters, In your Inbox