15 November 2022
We are honored to receive an award for our paper on email security practices in Japan!
Japanese companies and organizations widely use PPAP (attaching an encrypted ZIP file to an email and then sending its password in the following email) as a security measure despite its ineffectiveness and potential harm. This study aims to clarify how, by whom, and why PPAP and other email security measures are chosen on the basis of a questionnaire survey and an email security analysis. This report provides a preliminary summary of the survey results. This survey revealed that approximately 64% of the 344 organizations that responded to the survey are still using PPAP (as of June 2022). Furthermore, 88% of the organizations that are using PPAP continue to use it even though they are aware of its harmfulness and ineffectiveness. It was also revealed that many organizations have e-mail operations that are vulnerable to attacks against PPAP.