Stung by email?


Despite challenges from instant messaging and social media, email remains one of the most important forms of electronic communication. 

And one of the most dangerous.

This aging technology is the vector for numerous problems...

  • Digital diseases: email is the dominant mechanism for the distribution of viruses, trojans, rootkits, ransom-ware and adware.
  • Theft and impersonation: email is being intercepted and misused to cause all sorts of harm.
  • Phishing: email designed to fool people into revealing passwords and other valuable information continues to be alarmingly effective.
  • Spams and scams: email is riddled with junk and scam mail. Modern spam filtering has managed to stem the tide, but a lot still gets through, including some nasty scams.
  • Vulnerable attachments: protection for files sent by email is virtually non-existent.
  • Antiquated capabilities: delivery verification is spotty at best, attachment sizes are annoyingly limited, configuring a new account on an email client is hit-or-miss, and implementing encryption via techniques like GPG is a nightmare.

There are other issues ranging from minor frustrations to critical failures, but even this short list is enough to suggest that email creates toxic problems for a lot of people.  


We think it's high time someone did something about it.  And not just when emails and their valuable attachments are in transit over the internet, but all the time, even on both the sending and receiving devices.

There's a new way!

One of Merlin's innovative features is a new kind of email that solves virtually all of these problems.  Provided both sender and recipient are using Merlin on their devices, here are some of the great things Merlin Mail™ offers:

  1. Encryption: Automatic encryption during transmission and on the sending and receiving devices themselves; only users have keys.
  2. Multi-dimensional filing: Automatic filing of emails into multiple subject folders. [1]
  3. Delivery verification: Positive delivery verification, with automatic receipts.
  4. Unlimited Attachments: No limit on the size or number of files you can attach to an email, and all attachments are fully encrypted as well.
  5. Guaranteed delivery: Merlin is connected by Kahuna™, an exceptionally robust encrypted delivery system, which means there will be virtually no lost emails.
  6. Anti-spam / Anti-scam: Potent protection against Spam and Scam mail.
  7. Malware resistance: Extreme resistance to infection by all types of malware. [2]
  8. Forgery prevention: Potent protection against senders spoofing their identity (although they can remain anonymous IRL).
  9. Advanced features: Sophisticated management features, such as scheduled sending of previously composed emails, genuine blocking and blacklists, per-email scratch pads, and much more.
  10. Full Syndex™ participation: All emails and attachments are fully catalogued in the Syndex™, including those from unencrypted sources.


Merlin's built-in secure file editors and viewers work with email attachments just as easily as with your files.   

And you only need one email client because Merlin Mail™ also works with conventional email like Gmail and Outlook, and with most company email systems, but without some of these features and protections.

Even those unencrypted external emails are encrypted once they arrive on your device.

Let's dig a bit deeper into the problems with conventional email, and have a look at how Merlin solves them...


Digital diseases

Email has become the most common means by which people are victimized by a plague of viruses, trojans, botnets, ransom-ware, spyware and adware.

You receive an apparently innocent-looking email—perhaps even from someone you know—and with it comes an important-looking attachment.

Maybe it's labelled as "Frequent Flyer Bonus Points Award" or "Record of Suspicious Credit Card Activity". 


Whatever it is, it'll be designed to look important.

After you read the text of the email—also designed to look critically important—you open the attachment.

Bam, it's all over.  Now you're infected, and most of the time you won't even know it. Yet.

Maybe it's ransom-ware that will lock you out of all your files, maybe it's a virus that will force your computer to join a botnet, maybe it's spyware that will capture information.

It's all bad, and almost all of it arrived on your device via seemingly innocent emails.

This is why experts advise us to open emails only from people we know.

The core problem is, attachments are opened by the operating system directly using the appropriate application. 

For example, if someone sends you an infected Word file, when you click it, it opens in Microsoft Word, or if they send you an executable program (an "exe" file), it will run directly, infecting your device in an instant.

Merlin is different.  Everything in Merlin lives within a secure 'box'.   

Internal secure viewers or editors are used to open attachments, which completely isolates them from the operating system where they could do harm.

That means you can safely click on any file in Merlin without fear of what it might contain.


Theft and impersonation

An astonishing number of companies and professional practitioners (accountants, lawyers, architects, etc.) use email to communicate sensitive work products such as tax returns, lab reports, financial information and a huge variety of other material with their clients simply because they have no other practical choice.

Virtually none of it is encrypted and almost all of it is highly vulnerable, as one law firm discovered when hackers got into their email server and purloined documents about the upcoming sale of stock by one of their clients.

From that they obtained enough information to engage in highly effective insider trading. 

They were caught, but how many others get away with it, to the detriment of innocent investors?


All sorts of business scams deliver apparently real and fully authorized purchase orders and invoices from seemingly genuine senders, but which are completely fabricated.  

As a simple example, imagine you got an email from your boss instructing you to authorize and pay an attached invoice immediately.

You might ask him about it, but if that sort of traffic is routine or if you're very busy yourself, you might just go ahead and do it. [3]

It can lead to truly disastrous results.

Or take the case of a small but highly innovative architectural firm. Despite some amazing designs, they kept losing bids to an independent firm that had astonishingly similar designs, priced a bit lower.

And then there was Susan Smith (not her real name) who happily shared pictures of her kids with a friend, only to later discover that an imposter had snagged them to represent the kids as their own children in a fraudulent "sob story" scam.


The perpetrator even extracted the GPS data from the pictures (easy to do) and knew precisely where Susan lived and her children played.

Merlin is different.  In Merlin everything is encrypted all the time. 

All an intermediate party can ever see is an encrypted stream of gibberish, both for the content of your email and all attachments.



Phishing

The process of using emails to fool people into revealing sensitive information is known as "phishing" (simply after 'fishing'), and it's now an epidemic.

Among the most effective phishing scams are apparently real emails from people's banks, requesting that the person log into their online account to resolve a serious problem. [4]

The emails feature all the right graphics and disclaimers, so they look completely genuine.  They even contain a convenient hyperlink to the bank's login page, which also looks exactly like the real thing.  

Unfortunately, it's not; it's actually a page operated by the scammers.  Unsuspecting victims fill in their login ID and password, which are immediately harvested by the scammers.

And while you're busy threading your way through some apparently real-looking account-related messages presented by the fake website, the scammers are logging into your account and extracting your money or making purchases. 

It only takes a minute or two. 


Of course, after a few screens of seemingly real messages, what you think is your bank tells you that all is well!  Phew, your money is safe, and thank you for reviewing everything!  You even get a happy confirmation email!  

These and millions of other digital rapes all start with email.


Spams and scams

Have you ever seen an email with the subject line "Cheap Viagra", only it's spelled a bit weirdly, like "V1agra", with a '1' replacing the 'i'? 

This and a million variants were used by spammers for quite a while to try to get their junk mail past the filters most email services used.  

Or how about an email from Dr. Mumbo Jumbo from Nigeria, who just happens to have 20 million dollars he needs your help to extract from the country, and for your assistance he'll split it with you.

[Image caption: You'll give me half?  Right, sure.]

Or perhaps you've received an email from a very upset friend who's travelling and just been robbed of their documents and money.

They plead, "Could you please, please send some money to this wonderful man who is helping me?" With the added assurance that, "I'll repay you the moment I get home".

The note is genuinely from your friend's email address, but of course they didn't send it.  Their email account was hacked and a false plea for help was sent to everyone in their address book.

Advances in anti-spam techniques have improved the situation, but it's still far from perfect.  And it shouldn't be happening in the first place; it only exacerbates all the other problems.


Vulnerable attachments

Protection for the files you send by email is virtually non-existent, opening an opportunity for hackers to intercept and misuse not only the content of the notes themselves, but also any files that are attached.

Most people willingly attach tax returns, payment information, contracts and a host of other confidential files to their emails without a thought for how badly their lives could be disrupted if those documents were intercepted.  

Nowhere is this more true than in communications between businesses and their customers.  

The thing is, email doesn't travel in a straight line between you and the person you're sending it to. 

Instead, it moves from your device over a potentially convoluted path to your email provider's servers, where it's then dispatched across another set of potentially indirect paths until it winds up on the server of the email service the recipient is using.  

When the recipient is ready to read the note, it moves, again by another potentially convoluted path, from their email service's server to their actual device, where attachments can be detached and read.

Each of these steps, or "hops", will take the quickest path, which is not always the shortest.

For example, if you happen to be in Miami and you email someone in, say, New York City, you might expect your note to make its way up the coast of the US fairly directly.  

Sometimes it will travel that way.  But if the connections are very busy between two points, parts or all of your email and its attachments can just as easily be routed via Europe, or Asia, or Africa.

[Image caption: The actual path is vastly more complex and exposed.]

When this happens, your email and its attachments can pass through dozens of machines in some pretty unexpected places where the entire content is easy to intercept.

This is true for almost everything you do on the internet, not just email.  But it's emails with file attachments that create one of the most fertile opportunities for abuse because in standard email nothing is encrypted, nothing is protected.
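The hops described above are recorded in the message itself: every server that handles it prepends a `Received:` header. As an added example (not from the original post), this Python sketch lists a message's hops oldest first and picks out the ones whose `with` clause does not record TLS (`ESMTPS` or `ESMTPSA`, per RFC 3848). The message, host names and function names are constructed.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mean the hop was carried over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+)(?:.*?\bwith\s+(?P<proto>\S+))?",
    re.S | re.I)

def trace_hops(raw_message):
    """Return the hops of a message, oldest first, from its Received headers."""
    msg = message_from_string(raw_message)
    hops = []
    # Servers prepend their header, so the last Received line is the first hop.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP.search(header)
        if m is None:
            continue
        proto = (m.group("proto") or "unknown").upper()
        hops.append({"from": m.group("src"), "by": m.group("dst"),
                     "protocol": proto, "tls": proto in TLS_PROTOCOLS})
    return hops

def unprotected_hops(raw_message):
    """Hops whose Received header does not record a TLS-protected transfer."""
    return [h for h in trace_hops(raw_message) if not h["tls"]]

# Constructed message (reserved .example names); newest Received header is on top.
# Headers added before the message reached your own servers can be forged.
SAMPLE_MESSAGE = "\n".join([
    "Received: from mx-in.recipient.example by mailstore.recipient.example"
    " with ESMTPS id c3; Fri, 22 May 2020 10:00:05 +0000",
    "Received: from relay.sender.example by mx-in.recipient.example"
    " with ESMTP id b2; Fri, 22 May 2020 10:00:03 +0000",
    "Received: from laptop.sender.example by relay.sender.example"
    " with ESMTPSA id a1; Fri, 22 May 2020 10:00:01 +0000",
    "From: alice@sender.example",
    "To: bob@recipient.example",
    "Subject: Tax return attached",
    "",
    "See attachment.",
])

if __name__ == "__main__":
    for hop in trace_hops(SAMPLE_MESSAGE):
        print(hop)
```

Even a hop marked as TLS only protects the link between two servers; each relay on the path still handles the message and its attachments in readable form.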

Antiquated capabilities

Email is outdated in ways that seemed inconsequential when it was first invented more than 40 years ago, but which by now have become serious failings:

  • Delivery verification is poorly implemented, or not available at all.
  • Sender verification is equally problematic.
  • Attachment sizes are severely limited.
  • Email management, categorization and filing are absurdly manual processes.
  • It's too easy to make mistakes involving "reply all" and "send to all".
  • Adding encryption is complex, way beyond the technical abilities of the average user.
  • Formatting and presentation are highly inconsistent among clients (such as Outlook or Thunderbird) and different browsers (Chrome, Firefox, Safari, etc.).

There are lots of other problems, but you get the idea.






1. In this context, multidimensional means that in addition to assigning more than one category to an email, Merlin Mail™ can automatically file it in multiple folders.  This solves the problem of where to save an important email that discusses more than one important topic.
2. Provided you do not intentionally defeat this protection by explicitly exporting an infected attachment from within Merlin to a file your operating system can access.
3. This is a simplification of what actually happens, but the effect is the same.  Also see this.
4. For example:

"WARNING: There has been unusual activity in your account.  Please login and review your recent transactions.  Failure to do so may result in immediate account suspension".

Here, the word login is a dead link, but in phishing emails it leads directly to the criminal's fake bank website.

Published on 2020-05-22 by:
