15 November 2023
Our paper on email security (in Japanese) was selected as Specially Selected Paper of IPSJ Journal.
https://www.ipsj.or.jp/award/ssp_award.html (in Japanese)
Japanese companies and organizations widely use PPAP (i.e., attaching an encrypted ZIP file to a first email and then sending its password in a second email) as a security measure, despite the ineffectiveness and potential harm of the method. This study aims to clarify how, by whom, and why PPAP and other email security measures are chosen on the basis of a questionnaire survey and an email security analysis. We provide a preliminary summary of the survey results. We revealed that approximately 64% of the 344 organizations that responded to the survey were still using PPAP (as of June 2022). Furthermore, 88% of the organizations that were using PPAP continued to use it even though they were aware of its harmfulness and ineffectiveness. We also revealed that many organizations performed email operations vulnerable to attacks against PPAP.