Forgot your password?
typodupeerror

The Time Has Come to Ditch Email? 398

Posted by Zonk
from the i-find-it-handy dept.
Krishna Dagli writes to mention an article at The Register claiming that it's time we stop using email to communicate. From the article: "The problem is, email is now integral to the lives of perhaps a billion people, businesses, and critical applications around the world. It's a victim of its own success. It's a giant ship on a dangerous collision course. All sorts of brilliant, talented people today put far more work into fixing SMTP in various ways (with anti-virus, anti-phishing technologies, anti-spam, anti-spoofing cumbersome encryption technologies, and much more) than could have ever been foreseen in 1981. But it's all for naught."
This discussion has been archived. No new comments can be posted.

The Time Has Come to Ditch Email?

Comments Filter:
  • by yagu (721525) * <yayagu.gmail@com> on Friday June 02, 2006 @11:20AM (#15454312) Journal

    Short version of story:

    E-mail shouldn't really go away, we need to recreate it from scratch with builtin security, authentication, encryption, etc, and those mechanisms need to be as transparent as today's e-mail.

    EOF

    E-mail will probably go that way, but I don't see it being recreated from scratch. Postfix evolved out of perceived difficulties with sendmail (still one of my favorite packages... obtuse, obtuse, obtuse, but lots of fun.) while in-flight.

    The fixes for e-mail likely will also occur in-flight... there's too much momentum, and too many transactions dependent on e-mail for it to stop, then go.

    The single most important step for me would be transparent authentication, via certs, whatever. As phishing becomes more insidious and the stakes go up, someday someone (or a bunch of someones) will be phished severely, escalating the urgency of authentication. It may start out clunky (ever tried to get friends and family to do PGP handshakes?), but as with other technology I think it can be done with transparency.

    E-mail stays... (btw, if you want to send e-mail feedback to the author, this is the link [theregister.co.uk].

  • in other news (Score:1, Insightful)

    by Pig Hogger (10379) <pig@hogger.gmail@com> on Friday June 02, 2006 @11:20AM (#15454314) Homepage Journal
    ... it also says that FTP and NNTP are dead, too.

    Yeah, right.

  • Acronym soup. (Score:5, Insightful)

    by khasim (1285) <brandioch.conner@gmail.com> on Friday June 02, 2006 @11:24AM (#15454350)
    From TFA:
    Build an electronic identity. Encode, hash, encrypt, compress, sign, and provide a novel way to share keys when needed, for example. I don't know how this will all turn out, but perhaps yEnc, MD5, AES, H.264, and GPG are some potential technologies that could be used together.
    So, he doesn't know how to fix email, but here is a list of acronyms to get you excited about it.

    Sorry, but to be taken seriously, you'd at least have to have a basic framework already thought out. Just claiming that it's broken and maybe one of these TLA's that you've heard of might be used to fix it ... that's just junk.

    Go back, think about it and then write a real article.
  • headline (Score:4, Insightful)

    by gEvil (beta) (945888) on Friday June 02, 2006 @11:24AM (#15454354)
    I realize basic language skills are a difficult thing for a slashdot editor to grasp, but come on! Rather than taking the title of the Register article and slapping a question mark on it, it makes a whole lot more sense to actually rearrange the words into the form of a question: "Has the Time Come to Ditch Email?" or even "Is it Time to Ditch Email?"
  • by dissolved (887190) on Friday June 02, 2006 @11:24AM (#15454355)
    From TFA: "Use existing, proven technologies and a few new and novel ideas - starting with the latest encoding mechanisms, a reliable hashing algorithm, fast compression, strong encryption and signatures. "

    So in 25 years time today's technology will stop 90% of communication being spam? Spam exists in the spite of the best efforts to stamp it out. Whatever we do it'll be the same. Writing an article full of buzzwords and hypothesis doesn't really help a lot.
  • Re:Acronym soup. (Score:2, Insightful)

    by fumblebruschi (831320) on Friday June 02, 2006 @11:30AM (#15454422)
    I have to agree. Isn't it kind of a waste of time to devote 4000 words to describing a problem everyone already knows about, but offer no solutions beyond "Somebody needs to do something?"

    Terry Pratchett observed that no one ever seems to follow the sentence "Somebody should do something" with the sentence "And that someone is me!"
  • by Just Some Guy (3352) <kirk+slashdot@strauser.com> on Friday June 02, 2006 @11:32AM (#15454436) Homepage Journal
    SMTP still works exceedingly well for its purpose. Understand this: spam and viruses will propigate through any message transfer protocol that will ever be invented. We already have effective technologies [freesoftwaremagazine.com] for filtering that stuff out of SMTP traffic, but if admins can't be bothered to implement them for their customers, I don't know why they'd implement similar measures on other protocols.

    Put another way, if you run your own mailserver and still get spam and viruses, it's because you haven't chosen to address the problem. If you use someone else's mailserver and still get spam and viruses, it's because they haven't chosen to address the problem. Nothing stands between you and a clean inbox but motivation, whether your own or your ISP's.

    And no, broken hacks like DJB's "Internet Mail 2000" will never get real-world acceptance as they make it as difficult for legitimate bulk senders to broadcast as for spammers. SMTP is here to stay as the standard method for (somewhat) reliably routing messages between people on unaffiliated networks. Replacing it with a similar system with new pitfalls isn't the answer we're looking for.

  • by onion2k (203094) on Friday June 02, 2006 @11:35AM (#15454465) Homepage
    someday someone (or a bunch of someones) will be phished severely, escalating the urgency of authentication

    This is the key issue .. the victims. These are the people who need to be targeted if we're ever going to stop spam. No technological solution will ever fix the problem so long as it remains profitable .. people will go to extraordinary lengths to make a fast buck .. The debacle with Blue Frog demonstrated just how much power spammers wield over the internet. I really doubt that even a fundamental change to the underlying protocols of email would stop them.

    Instead we need to educate the victims. Stop people clicking on links in emails *ever*, stop people buying "cheap prescription meds online", stop people sending thousands of dollars to the Nigerian interior minister.

    Only when spam stops working will spammers stop working.
  • by Anonymous Coward on Friday June 02, 2006 @11:37AM (#15454489)
    Who's the first one who wants to actually do it?! Go ahead, ditch e-mail! Yeah sure, I'm sure that will happen! I wish I could go back to the eighties when doing IT jobs was still fun. We had no e-mail back then. No cell phones either. You could read the newspaper and smoke a cigar on your lunch break. We used to go to the restaurant in downtown and eat lunch there. There was no hurry and we fucking knew every single piece of our systems we administrated back then. Now it's impossible to know everything and now it's constant fucking rush every single moment!
  • by plasmacutter (901737) on Friday June 02, 2006 @11:37AM (#15454491)
    As much as I hate to admit it, copyright treaties have been extremely successful in perpetuating the DMCA.

    why not use it for something beneficial for a change, and introduce treaties to the UN for the harsh enforcement of anti-spam measures.

    Once the international safe havens are removed or severely curtailed, there will be less of it, and everyone but the ad nazis and the "big data" industry which has arisen to serve them will be better off.
  • Right...... (Score:5, Insightful)

    by Puls4r (724907) on Friday June 02, 2006 @11:38AM (#15454498)
    And of course, the NEW system won't be vulnerable to ANYTHING - right?

    No, wait, let's think that through. Let's take video games as the paradigm. Every year companies spend upwards of 20 million per video game. Every year, they come out with the newest, latest, greatest in copy protection. This copy protection is only limited by their imaginations (and the hardware). And yet days after release, and sometimes prior to release, their code is hacked, cracked, and distributed.

    This author somehow thinks that going back and redoing everything will fix it. The author is naive.

    Call my analogy a bad one if you will, but the SECOND you put ANY type of system into the hands of the criminals / spammers, they will find ways to exploit it. This is proven time and again.

    How exactly does this new email system stop phishing? Oh, right, it can't. Have a link, go to a malicious website, etc. How exactly does this new email system stop users from clicking executables thinking that they are going to see nudie pictures of Katie Holmes? They don't. How does this new email stop virii? It won't.

    Encrypt your email if you want security. Password protect your account. Use filtering to dump spam before you read it.

    OH, and I forgot to mention - I'll be sending you a snail mail letter that looks completely official. It's about a man I met in Nigeria, who has some money he'd like to give you.
  • Yeah, right... (Score:3, Insightful)

    by zeromemory (742402) on Friday June 02, 2006 @11:39AM (#15454509) Homepage
    Since we're thinking about ditching email, when are we going to ditch snail mail?

    Anyways, these suggestions for improving email are full of fancy features (hashing and compression!) but all they really serve to do is complicate the protocol. Right now, SMTP is so simple that it can be implemented by the tiniest of embedded systems. Take that away and whatever protocol you come up with probably will never be as popular SMTP.

    Besides, most of these proposed changes don't do too much to prevent spam without any of the questionable side-effects encountered with the current proposals to counter spam (ex., lost of anonymity, cost, proving identity a la SSL certs)...
  • by B'Trey (111263) on Friday June 02, 2006 @11:39AM (#15454518)
    Bad analogies. Email will get replaced. I certainly can't tell you with what, but it will get replaced. And the reason it can be replaced and the others can't is because it doesn't need to be an instant and complete replacement. Email will get replaced the same way that land lines are being replaced by cell phones.

    If you'd tried to instantly replace the phone system with a different, portable system, you'd have been doomed to failure. There's no way you would have ever gotten everyone to just give up their telephone and buy a new, different device for voice communications. But cell phones are replacing land lines because they're compatible. Even though a cell phone and a land line phone work very differently at the hand set level, they both go back to the same place and you can call one from the other. All of the differences are handled transparently to the user. He doesn't care if his voice is going out over copper pairs or over RF to a cell tower. He doesn't care if it's switched through mechanical switches or digitized and sent through a IP network. He dials and a number and he talks.

    To replace email, we need to come up with a new system which provides security and authentication when communicating with other addresses on the new system but degrades gracefully when sending to a legacy email address. As more and more people switch to the new system, the old system can be abandoned. It's a piecemeal replacement, not a wholesale changeout.

    The article talks about all of this, all though I've tried to clarify a few things. It even gives a possible mechanism for graceful degradation.
  • by rueger (210566) on Friday June 02, 2006 @11:43AM (#15454555) Homepage
    I find that the people who gripe loudest about the problems with e-mail are the ones who have poor or no spam filtering.

    I guess I'm lucky that I have an ISP [magma.ca] who takes spam blocking seriously, using a combination of Brightmail and a user configuarable Spam-Assassin install that seems to block 98% of spam and which has virtually no false positives. On the weeks when I monitor it, they may mis-label one in several tens of thousands of messages, usually from mailing list or other source that just barely triggers the filter.

    Most people assume that the lousy, error prone spam blocking offered by many ISPs is the best than can be acomplished. That's simply not true.

    Unlike the article author, I still find e-mail a reliable and essential tool, and can't see a need to make significant changes at this time.
  • Good sized system? (Score:5, Insightful)

    by fm2503 (876331) on Friday June 02, 2006 @11:48AM (#15454594)
    A peak of ~75 messages a minute?

    Me thinks you need several zeros on the end of that to get to a medium to large installation....
  • Re:in other news (Score:2, Insightful)

    by gowen (141411) <gwowen@gmail.com> on Friday June 02, 2006 @11:49AM (#15454604) Homepage Journal
    Usenet is HUGE but it's not known about among the less experienced users
    You make that sound like thats a bad thing.
  • by Weaselmancer (533834) on Friday June 02, 2006 @11:59AM (#15454704)

    I've had people get pissed at me when I don't respond to their email. Reason I didn't respond is that it was sitting in a queue somewhere and I hadn't gotten it yet. Plenty of other examples I can think of but that'll do for now.

    What we need is a locked out system. Something that doesn't interact with SMTP at all. True, people using that system could only email people in that system, but that wouldn't be a problem once it caught on. If you could guarantee delivery and zero spam, people would flock to it. Google could adapt Gmail to be that system inside of a half a year if they wanted to.

    I know people would initially say "No way! How will I communicate with everyone I normally have to email?" Well...it'd be like when my friends discovered ICQ back in the late 90's. Everyone said "Hey...download ICQ and we can talk in real time." And eventually I did. And for a few years, I didn't do email at all (until ICQ died from bloat anyways). This new email system would be adopted just like that. "Hey, I know a messaging system that'll give you something like email, but zero spam and a guaranteed delivery time. Just download the client and make an account. It's great."

    Wouldn't be hard to make, either. Just fix things so that you have to log in to send a message, and put something in your TOS that you cannot spam people. Also have an active admin system. Someone does something against the TOS, you yank their account. Maybe have a "report abuse" function built in to the client, or some such. Maybe something like Slashdot Karma. Enough complaints and your account gets locked for admin review.

    And ditch relays - they're too hackable. Make each server isolated. We don't need to do the relay thing anymore. It was important "way back then" when you could only send email by queueing them up to transmit at 3am when the grad students finally get off the mainframe, but it's not like that anymore. Make the new system isolated. If you want to send email to someone@someserver.com, you have to have an account on someserver.com. And if you spam someone@someserver.com, they report you and you get locked out.

    You could implement all sorts of good ideas into a system like this. Don't allow people to send more than 1 email every minute or two. Don't let people automatically get an account you the system - let them apply and then wait for verification to stop bots from making accounts.

    It'd take more thinking and planning than what I've got here, but the point is that something more safe and secure could easily be made. I'd love to see it.

  • Curb Spammers (Score:5, Insightful)

    by Robber Baron (112304) on Friday June 02, 2006 @11:59AM (#15454705) Homepage
    What somebody needs to do is curb the fucking spammers!

    And I don't mean "curb" as in curtail their activity, I mean "curb" as in stick their fucking heads on a curb and stomp on them!
  • Re:in other news (Score:3, Insightful)

    by PingXao (153057) on Friday June 02, 2006 @12:13PM (#15454835)
    Not. Look around for usage statistics and you'll see that USENET traffic and messags are up, and that doesn't include the binary groups. You are right about the "average" internet user not using usenet, but that's a good thing IMO.

    I've used gopher. Gopher was actually replaced by the web and HTTP. When web browsers and HTTP came along, they started to do the job Gopher was doing and doing it better than Gopher itself. That's why gopher went away.

    The nntp situation is different. There's something to be said about groups of messages organized in a heierarchical category that are primarily text based. Usenet fills a need that no web service can match, and that goes for the alt groups as well. Don't kid yourself, there's a lot of good stuff on the alt groups - you just need to know where to look. Let me say right here that none of my comments are meant with an eye toward the binary groups. Sometimes I wish they would go away just because of the bandwidth and disk space concerns.
  • by gelfling (6534) on Friday June 02, 2006 @12:14PM (#15454851) Homepage Journal
    At work we use SMS and IM increasingly to communicate. For larger objects we point people to places to pick or leave large files. We increasingly use webconferences/netmeetings where the material is shared but not sent at all. Because I for one am sick of being on the receiving end of a threaded series of emails that consist of "Read This!" or "Me Too!!!" and at the bottom is giant 10Mb blob of something. I really don't need 10 copies of that, thanks.

    At home, most email is garbage anyway. Moreover most of the younger people I know (under 25, say) don't read their email often or often enough to be useful. It's like voicemail to them - but less so. (Yes young people don't use voicemail, don't bother leaving a message they never check it). So already the next generation is abandoning email. They use it because it's the defacto ID of the internet - please give us your email address so we can confirm our transaction....etc. but for the most part email is unimportant to them. If you sent confirmations to SMS it would do as much.
  • by Ryan Amos (16972) on Friday June 02, 2006 @12:18PM (#15454889)
    Ever since the invention of money, there have been con-men who want to take it from you. Nothing will stop the spammers, though BlueFrog was a good method of introducing a monetary cost to spam. The reason spam is so prevalent is that it costs nothing to send.

    There's a fool born every minute; the internet just makes it easier for con-men to find them.
  • by Ulven (679148) on Friday June 02, 2006 @12:25PM (#15454974)
    In some parts of the world, landlines aren't only being replaced, they are being totally bypassed. I was in Tanzania a few years ago, and far far more people had mobiles than a landline. Running wires everywhere is an expensive operation.
  • by Anonymous Coward on Friday June 02, 2006 @12:31PM (#15455039)
    All you people who think we need to build better clients are crazy. It is the mail servers that need to do the job.

    Every mailserver should require authentication to send. It should then do the correct encryption, sending, etc. The receiving mail server should do the correct decrypting, etc. All of this should happen WITHOUT the dumb user having to know about it (but let the geeks at it if they like).

    Sigh.
  • by bheer (633842) <<moc.liamg> <ta> <reehbr>> on Friday June 02, 2006 @12:36PM (#15455096)
    Cables are 'land' lines too. Just because it ain't good old copper doesn't mean all the last-mile challenges of landlines aren't there.
  • by Anonymous Coward on Friday June 02, 2006 @12:43PM (#15455147)
    Businesses around the world lose billions in productivity from having to filter spam and deal with netowrk congestion and fraud by email. I would not be surprised if they supported such a treaty.
  • by Miniluv (165290) on Friday June 02, 2006 @12:43PM (#15455156) Homepage
    Best efforts to stamp it out? What planet are you on, or more importantly what Internet? Spam filtering by content analysis is a piss poor means of eliminating it.

    The major problem, which the article correctly identifies, with today's email system is the utter lack of enforced identity verification. Even if you want it, there's no mechanisms to support it. The only thing you can do is accept all of that email, and then only read the stuff that's PGP signed. Combine that with the lack of ease of use of most encryption solutions today.

    We need to make the sender do some work to put all the info necessary to advertise the validity of their message, and then let the recipient MTA and MUA do a minimum of work to verify that they want this message.

    I do think the original article is a bit ambitious on the thought of finding ways to make computing resources expensive enough to prevent spam but cheap enough to be feasible for users when sending under this new scheme. However you don't actually need to accomplish that, if you make it such that a spammer has to either prove who they are or pay a huge trust penalty for not doing so then you're way ahead of the current situation.
  • by WebCowboy (196209) on Friday June 02, 2006 @12:53PM (#15455262)
    Each of the items I listed are too large and complex, and are beyond repair, but in the same respect could NEVER be recreated in a reasonable time frame.

    Two questions:

    1) By suggesting email "could NEVER be recreated in a reasonable timeframe" you are inferring that a reinvented email system must be complex. Why would that be? We don't have to re-invent security, authentication, encryption from scratch for use especially for email--we already have the technology and use it extensively (HTTP(S), LDAP, Kerberos, SSH, etc). What is missing in email is an elegant integration of these technologies.

    2) Even if architecting a next-generation email system would take a long time, why would that be a problem? What would be a "reasonable" timeframe? Personally I don't think that a W3C-like standards body would take more than 5 years to craft a usable standard, and by the time it hit 1.0 there would already be a lot of early implementations. Sure it would take a long time to adopt, but there could be email gateways like there was between the internet and old-school nets like Fidonet, and those gateways can handle the spam and other crap before they hit any "new and improved" email servers.

    When something gets as broken as email people are more motivated to fix it. There are already some interesting ideas [prescod.net] out there that could catch on...
  • > There aren't enough of us geeks to hold the hand of every user in the world.

    Who exactly wrote all the software we have now that the non-technical users rely on every day? Geeks. There are plenty of us around :)

  • by Dr. Evil (3501) on Friday June 02, 2006 @01:18PM (#15455526)

    "...virtually no false positives."

    I get virtually no personal email. Virtually no false positives means I will be losing personal email.

    Most of these stats are based on the idea of dividing false positives by the number of emails received, rather than false positives against legitimate emails.

    Spamassasin lost about 1-2% of my legitimate mail. It's unpredictable and it makes email unreliable.

    Not that I have a solution, just to say that for me, this kind of filtering is not it.

  • by the real chahn (727189) on Friday June 02, 2006 @01:24PM (#15455590)
    The problem is that degrading gracefullly has to occur both ways: in other words, it is not enough that a next-generation email system can send an email to a legacy system, but the next-generation system also has to be able to receive emails from the legacy system. Therein lies the problem: until you shut off the ability to receive from legacy systems, there is (almost*) no advantage to the next generation system because you still will be vulnerable to phishing, spam, etc. from legacy emails.

    *I say almost because you could set up a client to whitelist next generation emails or flag legacy emails as insecure, and while those measures are not totally unrealistic they also won't revolutionize email anytime soon.
  • by Decameron81 (628548) on Friday June 02, 2006 @01:32PM (#15455646)
    "I've had people get pissed at me when I don't respond to their email. Reason I didn't respond is that it was sitting in a queue somewhere and I hadn't gotten it yet. Plenty of other examples I can think of but that'll do for now. What we need is a locked out system. Something that doesn't interact with SMTP at all. True, people using that system could only email people in that system, but that wouldn't be a problem once it caught on. If you could guarantee delivery and zero spam, people would flock to it. Google could adapt Gmail to be that system inside of a half a year if they wanted to."
    I disagree. Telling people that with the new system they can't message people using the older system isn't practical. Especially if you want to be using the same address format that we are using nowadays (name@server.whatever).
    I know people would initially say "No way! How will I communicate with everyone I normally have to email?" Well...it'd be like when my friends discovered ICQ back in the late 90's. Everyone said "Hey...download ICQ and we can talk in real time." And eventually I did. And for a few years, I didn't do email at all (until ICQ died from bloat anyways). This new email system would be adopted just like that. "Hey, I know a messaging system that'll give you something like email, but zero spam and a guaranteed delivery time. Just download the client and make an account. It's great.""
    I really don't know that much people that stopped using e-mail because of ICQ. IM is not, and was never meant, to replace e-mail (given their different nature).
    "Wouldn't be hard to make, either. Just fix things so that you have to log in to send a message, and put something in your TOS that you cannot spam people. Also have an active admin system. Someone does something against the TOS, you yank their account. Maybe have a "report abuse" function built in to the client, or some such. Maybe something like Slashdot Karma. Enough complaints and your account gets locked for admin review."
    Admins actively controlling the system? And who's gonna pay for those? Most importantly, how will they get chosen? How will you ensure that they won't abuse their status? In other words: how many new problems would that bring and how much would that fix?
    "And ditch relays - they're too hackable. Make each server isolated. We don't need to do the relay thing anymore. It was important "way back then" when you could only send email by queueing them up to transmit at 3am when the grad students finally get off the mainframe, but it's not like that anymore. Make the new system isolated. If you want to send email to someone@someserver.com, you have to have an account on someserver.com. And if you spam someone@someserver.com, they report you and you get locked out."
    Hmmm... I would rather not register at a hundred different servers just to send mail. I prefer spam to that.
    "You could implement all sorts of good ideas into a system like this. Don't allow people to send more than 1 email every minute or two."
    Right. And what if you're in a hurry and you need to send lots of mail messages? Also, what about sending one single mail to multiple recipients? Would you have to apply for some special permission to do that too?
    "Don't let people automatically get an account you the system - let them apply and then wait for verification to stop bots from making accounts."
    To send a mail message? Too much hassle...
    "It'd take more thinking and planning than what I've got here, but the point is that something more safe and secure could easily be made. I'd love to see it.
    I am not too sure that it could "easily" be made. Spam is not something that you can eradicate just by adding administrators and bureaucracy. The filters can be a good start. Deca
  • by jrifkin (100192) on Friday June 02, 2006 @01:33PM (#15455650)
    What makes Spam and Malware unmanagable is the sheer number of vulnerable and hacked systems.

    When vulnerable boxes disappear, the bad guys would have little ammunition. My guess is that over
    time, as computing matures and our OSes stabilize, security holes will be plugged faster than they
    are created. When that happens, vulnerable boxen will become rare, and the bad guys will find it
    harder and harder to send Spam and Malware with impunity.

    And then the rainbows will soar and unicorns will return.
  • by Pegasus (13291) on Friday June 02, 2006 @03:21PM (#15456841) Homepage
    Short version of story:

    E-mail shouldn't really go away, we need to recreate it from scratch with builtin security, authentication, encryption, etc, and those mechanisms need to be as transparent as today's e-mail.

    EOF

    Um ... that is already done, altough almost no one uses it anymore. Remember that old X.400 thing? It was seen as too complicated back then with all the security and encryption builtin and SMTP was seen as its successor. Now look where we've come ...

Man is the best computer we can put aboard a spacecraft ... and the only one that can be mass produced with unskilled labor. -- Wernher von Braun

Working...