E-mail authenticity

Was that e-mail really from you?
I got asked this question by a client recently.  And it makes me think about trust in e-mails. We all have the right to question whether e-mails are authentic. I seek the same answers. I take the security of my e-mails and client contact information very seriously.
I guess I could start by saying that my business e-mail account has never been hacked.  With that said, this fact would not stop a bad actor from an account pretending to be me.  With the right e-mail program you can make the “From” address anything you want.  However, they would need my address book.  I send all of my group e-mail out as BCC (which means that you don’t see all of the recipients).  That address book is stored in the cloud in an account protected by two factor authentication (something you should have enabled on your iCloud, Google, and Microsoft accounts used with e-mail / contacts).  Further enhancing security, my second factor is not my phone number, meaning I authenticate by something more secure than a text message.  My contacts are locally stored on 3 devices – a laptop, a smartphone, and a tablet.  All three of those are locked with encryption.  Considering all of this, it would be pretty hard for a bad actor to send an e-mail to all of my clients.   I should also add that I almost always use one of three salutations in my e-mail updates:   Dear Clients and Computer Students (for all clients), Dear Mac Family, and Dear Windows Clients, depending on the group I am addressing.  Great question!  Thanks for asking.
Advertisements