The Trust Protocol: Solving the $1B Human Error in Digital Security

In high-stakes enterprise communication, a single click can be a million-dollar mistake. My focus is on building 'guardrail systems' that leverage AI to protect human intuition from technical error.

Product Requirements Document

Executive Summary

A Gmail/Outlook feature aimed at preventing accidental inclusion of recipients from different organisations with the same or similar names. The feature will enhance the recipient validation process during email composition, specifically targeting scenarios where users who work with multiple clients composing emails to clients might mistakenly include a recipient from another organisation.

Objective

• Reduce the risk of sharing the sensitive information being accidentally sent to unintended recipients.

• Minimal disruption to the current email composition process.

• Enhance Gmail reputation as a secure and user-friendly email service.

Key Features

1. Recipient Organisation Check:

   • When a user adds recipients while composing the email, Gmail will automatically check the organisations associated with each recipient’s email address.

   • If recipients from multiple organisations are detected, Gmail will trigger a warning.

2. Similar Name Detection:

   • Gmail will detect if there are recipients with the same or similar names from different organisations.

   • A notification will popup to confirm if the recipients are intended.

3. Confirmation Dialog:

   • A dialog box will appear, highlighting the recipients from different organisations with similar names.

   • The user must confirm the inclusion of these recipients before sending the email.

4. Customisable Whitelist:

   • Users can create a whitelist of specific email addresses or organisations, ignoring the rule to check if the recipient belong to different organisations.

User Stories

1. As a user, I want Gmail to alert me if I add recipients with the same name from different organisations, so I can ensure I am emailing the correct person.

2. As a user, I want a notification if recipients from different organisations are detected, so I can decide their inclusion without disrupting my workflow.

3. As a user, I want the ability to whitelist certain email addresses or organisation domains, so I can choose if the rule is required to run or not.

Workflow

1. Adding Recipients:

   • User starts composing an email and adds recipients to the “To” & “CC” field.

   • Gmail checks the organisation associated with each email address.

2. Detection:

   • If multiple organisations are detected and recipients have the same or similar names, a warning is triggered.

3. Notification and Confirmation:

   • A dialog box appears, listing the odd recipients among the added.

   • User confirm if these recipients should be included or decide to delete it.

Technical Requirements

1. Recipient Parsing:

   • Implement backend logic to parse email addresses and associated domains (organisations).

2. Similarity Algorithm:

   • Develop an algorithm to detect similar names among recipients.

   • Develop an algorithm to detect odd domains among the added recipients.

   • Ensure the algorithm ignores the sender domain.

3. UI/UX Design:

   • Design a non-intrusive notification and confirmation dialog.

4. Whitelist Management:

   • Implement a feature for users to manage a whitelist of trusted email addresses or domains.

   • Ensure whitelist entries bypass the rule checking flow.

Metrics for Success

1. Reduction in Accidental Emails:

   • Measure the number of emails flagged by the system and user confirmation from the dialog box subsequent reduction in accidental emails sent to unintended recipients.

2. User Feedback:

   • Collect user feedback on the feature’s effectiveness and usability.

   • Monitor user satisfaction and feature adoption rates.

Risks and Mitigations

1. False Positives:

   • Risk: Users might be frequently interrupted by the feature for legitimate emails.

   • Mitigation: Fine-tune the similarity algorithm and allow easy whitelisting.

2. Performance Impact:

   • Risk: The feature might slow down the email composition process.

   • Mitigation: Optimise backend processing and ensure minimal impact on user experience.

3. User Adoption:

   • Risk: Users might not adapt to the new feature due to added steps while composing the email.

   • Mitigation: Provide FAQ & advance notification on the benefits.

Next to read >> Climate-Adaptive Pricing