February 2019 - Blockchain | Email | Encryption

How Blockchain Can Help Make Email Better

Patrick Ben Koetter from the eco Association explores blockchain solutions for email and the need to bring the whole email ecosystem to the table.

How Blockchain Can Help Make Email Better

© undefined | istockphoto.com

dotmagazine: What potential do you see for blockchain to provide practical solutions for email or email marketing? 

Patrick Ben Koetter: That’s still very hard to say. What we know at the moment is that blockchain is an interesting technology. We’ve seen a lot of hype about blockchain, and I’m very glad that the hype is finally settling and we are able to get a better view to see more clearly what it can really be useful for. And the first few useful things are popping up. 

I think the best thing I can quote is a McKinsey paper, which really fits. They said blockchain is “a solution looking for a problem”. And now the idea is to see whether there are any problems with email that we may be able to fix with this technology

dot: What are the elements of blockchain which could prove useful for email? 

Koetter: Well, basically blockchain is a contract mechanism. Parties can come together and agree on a contract and that contract can be written into the blockchain and then it’s tamper proof because all the information is distributed to many participants reading from that blockchain. So whenever you need something that should bring a few groups to the table and have them agree on something and write that down, then blockchains are interesting. 

When we’re talking specifically about email use cases, the features that are interesting are the contract mechanism, the fact that it is tamper proof, and the fact that it can be automated. Email as a product has been ruined by ISPs. It was a side product that would always be given when you bought a domain or something else, and as a result, email ended up being a product almost nobody wants to spend money on anymore. But email still remains the most widely-used communication tool we have today. 

So, we need it but nobody wants to pay for it, which means we are operating in a very sensitive market when we introduce new technologies to modify or improve something related to email. And the interesting thing about blockchain is that it seems to be able to run in a highly automated way, so it doesn’t require a lot of interaction. This potentially makes it a cheap technology to help improve things in the email market. 

dot: What use cases are you already aware of for combining blockchain and email?

Koetter: We recently had a meeting at eco bringing together the competence groups for blockchain and email, and two different blockchain use cases for the email industry were presented. It was up to the email specialists to decide if they thought the solutions were useful. It was very interesting, because the solutions not only dealt with quite different email issues, but they also capitalized on different qualities of blockchain technology.

The first one to be introduced was called DOIChain, and it addresses a typical problem that email marketers have: They have to provide proof that the recipient of a marketing message actually gave the sender consent to send marketing mails to them. This is usually done by using the double-opt-in (DOI) procedure. Typically, recipients forget that they opted in to receiving these specific marketing messages, and say that they never consented. If, in this case, they then complain to authorities about the sender – especially in the age of the GDPR – this can end up in a court of law. Now, the senders can point to their proof, showing the DOI list and the log file proving that the confirmation email clicked on by the recipient, but even then it can happen that the sender is accused of having faked the list, even having faked the log entry. 

This places marketers in a difficult position. When you need to go to court to prove that the recipient really did consent, it cost the sender money. The onus is on the senders or the email marketers to play the clearinghouse and verify the consent. This is usually combined with a lot of effort, a lot of money, and it eats into the product margin they have from the product. 

So marketers are looking for a way to have a more automated and tamper-proof way to simply establish a customer relationship between somebody who wants to send a message and somebody who wants to receive a marketing message. And this is what the DOIChain developers set out to achieve. Basically, the concept is to write this contract between the sender and the recipient into the blockchain, where it is tamper-proof and therefore it cannot be faked. 

So this is an interesting use case for email marketers, because it really would probably eliminate a problem that they have. At the moment, though, the general feeling was that the solution does not yet consider all the stakeholders that need to be involved into this scenario. 

Because you have the email service providers (ESPs), who are going to send the messages; you have recipients and their mailboxes; and the group that has not yet been taken into account is the Internet service providers (ISPs). The ISPs have to provide email assistance, they would have to provide software on their platform to help the DOIChain run. And so far, there is no clear benefit for ISPs to implement DOIChain. The guys who came up with the idea for DOI chain are email marketers themselves. So they’re fixing their own problem, but not other people’s problems. For a solution like this to be successful, it will need to appeal to the entire email value chain, and motivate all of the players in the email ecosystem to put the work into implementing it.

dot: What email issue did the second solution address?

Koetter: Well, the assumption is we need end to end email encryption. So, we have PGP and S/MIME, but it’s a real hassle to deal with S/MIME and PGP, because it is overly complicated and you have to provide so much information in order to set it up. The blockchain solution presented is called Vereign, and their proposal is to use S/MIME, but exchange the underlying certification infrastructure we have today with blockchain technology. So you could create new S/MIME certificates and start either encrypting or signing messages right away. 

The Vereign creators have developed a browser plugin for Gmail which integrates really nicely into Gmail mailboxes, and today they have plugins ready for other webmail software frontends. And you really can send encrypted and/or signed emails immediately. It is a very nice, smooth solution. And from what I could see, they seem to have addressed all participants. There is something in it for everyone in the email ecosystem, and it’s a useful piece of technology. It sounds like they have found a good solution for end-to-end encryption, which is great news.

Patrick Koetter is an email expert, and a board member of sys4 AG, which is specialized in email, DNS, and the development of highly secure platforms and services. He contributes his knowledge and experience to eco as an expert and as Leader of the Competence Groups Email and Anti-Abuse