The Time Has Come to Ditch Email?
Krishna Dagli writes to mention an article at The Register claiming that it's time we stop using email to communicate. From the article: "The problem is, email is now integral to the lives of perhaps a billion people, businesses, and critical applications around the world. It's a victim of its own success. It's a giant ship on a dangerous collision course. All sorts of brilliant, talented people today put far more work into fixing SMTP in various ways (with anti-virus, anti-phishing technologies, anti-spam, anti-spoofing cumbersome encryption technologies, and much more) than could have ever been foreseen in 1981. But it's all for naught."
I mentioned this some time ago (Score:3, Interesting)
Mail really is broken. It does not work as expected or as wanted by users.
Father of Sendmail (Score:3, Interesting)
For the record: smtp rules.
Re:get friends and family to do PGP? - Yes (Score:5, Interesting)
Yes, I've tried... and I've been and am quite successful with it. Using GPG to send/receive encrypted mail and check signatures with a good plugin isn't rocket science.
Agreed, setting up keys and such is hard, but with friends and family we geeks can help. We do that with E-Mail, Games, Wordprocessors, why not with PGP?
My experiences with PGP with friends and family: Do You Use PGP? - Encryption is not just for techies any more [betabug.ch].
Interesting... (Score:2, Interesting)
Well, one surefire way to lock it down would be to make it a closed system... (waits for incoming fire)
Re:e-mail needs to get better (Score:3, Interesting)
The solution? For some novel open-source software to appear that handles this problem. Then it gets integrated into Thunderbird as an OPTION for a way to send mail. It should work seamlessly, and fall back to old-fashioned e-mail when necessary. You would have two e-mail accounts side-by-side, but it would appear to the user as if they had only one.
So the geeks will be on the bleeding edge. Everybody reading this would probably have it. As time goes by, more and more people using Thunderbird would switch. Then Opera would join it. Once it gets big enough, even Microsoft would sit up and take notice after hearing about how great it is ("embrace-extend-extinguish" begins with "embrace").
If done right, and if the right players were involved, it could work.
Re:get friends and family to do PGP? - Yes (Score:5, Interesting)
Because we're looking for a long term, widespread, permanent solution. There aren't enough of us geeks to hold the hand of every user in the world.
Applying the article logic to regular mail... (Score:5, Interesting)
If you get a letter from a car dealer stating that you won $3000 in credit if you buy one of his cars, do you automatically go and buy one? NO. Same thing goes for email, you don't open all emails and follow all links blindly.
The problem is with educating people how to use email and the Internet as a whole. When enough people stop being click-happy... spammers will lose interest as no one will be paying for such a service, and phishers/spoofers won't find enough people to fall for their tricks.
Simply, educate people about this powerful tool before you throw them in! This is not only for email, it goes for anything to do with the internet and any form of communication as a whole.
Just my $0.02.
I am not sure about investment (Score:4, Interesting)
-Qmail, vpopmail, simscan, spamassassin and clamav. On a userbase with the amount of users we have it's very easy to distribute, it's easy to scale and the performance is great.
replacement for E-mail is E-mail (Score:3, Interesting)
The solution is fairly simple: change to a different E-mail protocol; one simple approach is to have a protocol in which the sender stores the message until delivery and the only thing that gets delivered to the recipient is a small notification.
On a related note, it really is pretty silly as well that there is SMTP in addition to IMAP; in the future, the client-to-server protocol might well just be simple IMAP (with an "outgoing" folder), and there can be a separate server-to-server protocol like the one described above.
Re:e-mail needs to get better (Score:2, Interesting)
SPF works. DKIM is coming. Not a total solution. (Score:3, Interesting)
DKIM (successor to Yahoo's DomainKeys) will do even better when it gets more traction in the MTA and MUA segment, but for right now do SPFv1 and get the issues with forwarding worked out (if you have any - many sites won't) before DKIM arrives.
Anti-forgery is only part of the solution, though - it just forces the spammers to register real domains (throwaway domains, granted) or use exclusively cracked hosts and botnets. The other parts of the solution are 1) heavy punishments for crackbot spammers (yay AOL and Microsoft for pushing this!) instead of law enforcement looking the other way as they have in the past and 2) consumer reaction against domain registrars that knowingly support spam gangs.
The key thing to understand about anti-forgery measures is they allow other techniques (like blackholing and legal prosecution) to work. If your mail administrator isn't implementing at least the publishing side of SPFv1, that person is not doing his or her job properly.
Geez, I said "Yay AOL and Microsoft". You don't see that on Slashdot much!
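How a receiving server uses a published SPFv1 record, as an added example that is not part of the comment above or of any mail server's code: a minimal offline evaluator for the `ip4`, `ip6` and `all` mechanisms. The record and addresses are constructed from documentation ranges, and mechanisms that need DNS lookups are reported as `unsupported` rather than guessed.

```python
import ipaddress
import re

# Qualifier prefix -> result (RFC 7208); a mechanism with no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Mechanisms that need DNS lookups, which this offline example does not perform.
DNS_MECHANISMS = {"a", "mx", "include", "exists", "ptr"}


def evaluate_spf(record, sender_ip):
    """Evaluate one SPFv1 TXT record against the connecting client's IP."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF version 1 record
    ip = ipaddress.ip_address(sender_ip)
    saw_redirect = False
    for term in terms[1:]:
        if "=" in term:
            # Modifier: redirect= needs DNS, anything else (exp=) is ignored.
            saw_redirect = saw_redirect or term.lower().startswith("redirect=")
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        name = re.split(r"[:/]", mech, maxsplit=1)[0].lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(mech[len(name) + 1:], strict=False)
            except ValueError:
                return "permerror"  # malformed address or prefix length
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name in DNS_MECHANISMS:
            return "unsupported"  # cannot tell offline whether it matches
        else:
            return "permerror"  # unknown mechanism
    return "unsupported" if saw_redirect else "neutral"


if __name__ == "__main__":
    # Constructed record using documentation address ranges.
    record = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all"
    for client in ("192.0.2.55", "198.51.100.25", "203.0.113.9"):
        print(client, evaluate_spf(record, client))
```

A record ending in `-all` is what lets a receiver reject mail from hosts the domain owner never listed; `~all` only marks it as suspect.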
Re:If it ain't broke... (Score:4, Interesting)
I did and it doesn't. I routinely need to send out 50,000 copies of a customer newsletter. Right now, SMTP allows me to start the process now and gradually spool out the copies at my network's own convenience until I'm finished. Under Dan's crackpot idea, I send a broadcast to 50,000 customers letting them know that there's a newsletter waiting for them. When they all come to work at 9AM and simultaneously attempt to download a 1MB PDF, my router cries tears of pain and my customers hate my slow-loading message.
Dan's idea sounds fine under certain very limited circumstances, but can't possibly work in the real world.
Re:e-mail needs to get better (Score:3, Interesting)
I don't think Apple moved from PPC to x86 because of "patching", they moved because they could coerce Intel into giving them better prices on the chips (IBM didn't really care about Apple's business, and Apple's priorities and IBM's priorities didn't align). In fact, the same OS runs on both platforms with only a few changes to the kernel. 90% of the codebase (things like drivers, filesystems, etc.) run fine on either platform.
Now if you mean OS9->OSX and the ensuing rewrite, you're right. OS9 was terrible, and it was time to start over.
Joel has a different viewpoint, however: http://www.joelonsoftware.com/articles/fog0000000
Spam is the symptom. Zombies are the problem. (Score:3, Interesting)
But the zombies are vulnerable. The lamest Windows OSs, the DOS/Win95/98/ME family, are slowly dying off. XP is at least potentially fixable, and Vista is much tighter.
We've made real progress. It's tough to send spam today without committing a felony. Spammers are routinely going to jail. Spam as a means of even vaguely legitimate marketing is dead. Spam-friendly hosting is getting harder to find. Ironport gave up selling its "spam cannon" rackmount spam sender. Spam filtering is better than ever. Spammers have been reduced to using zombies because anything more direct gets them hammered.
Re:Authenticated SMTP (Score:3, Interesting)
A small but important change... (Score:2, Interesting)
If you make it a pull system:
1) there is no spoofing issue (you always have the real IP address of the sender, because you have to connect to get the message contents).
2) spam costs move from the receiver to the sender, because the spam sender now has to bear the brunt of the bandwidth traffic hit.
3) finally, recalling a mail message would work.
There are more benefits to that "small" switch, but I'm far too lazy to lay them all out here.
Tom Caudron
http://tom.digitalelite.com/ [digitalelite.com]
Re:If it ain't broke... (Score:3, Interesting)
I host an announcement mailing list for one of the local dance communities. There are approximately 500 subscribers - the low end of "bulk", surely, but I'd call it "bulk" nonetheless. The organization on whose behalf the list is run is perpetually short on cash. If bulk mail on that scale becomes expensive, the list goes away and 500 people no longer receive timely email telling them about upcoming classes, dances, etc. How is that better for them?
But maybe 500 people and 2-3 messages/week doesn't count as "bulk" in your view. How many people subscribe to, say, the linux-kernel mailing list? The debian-user mailing list? If you want bulk mail to be expensive, then what will it cost to run those lists, distributing hundreds of messages a day to thousands, if not tens of thousands, of subscribers, and who will pay those bills?
Have I got it wrong? (Score:2, Interesting)
First I must look at the types of E-mail I receive (more precisely, who I receive E-mail from):
1. Friends and family
2. Friends of friends and family
3. Businesses I know
4. Mailing lists
5. Spammers
For businesses there are another two categories:
6. Customers
7. Potential customers
It must be possible to find a simple way to create a digital signature without making it rocket science, which is an underlying assumption of my suggestion.
Similarly, it must be possible to disseminate a digital signature to potential recipients in an easy way, a scheme like tinyurl [slashdot.org] springs to mind -- or any of the other publicly available, free "certificate authorities" (CAs). I submit the public part of my signature to tinysig or whatever it is called and tell my friends and family about it.
Businesses would probably register their signatures with the "official" CAs (but could use tinysig as well) and display proper links to them on their websites -- as could plain people with homepages. I would suggest something on the form of pubsig://tinysig.com/al1ga2r and pubsig://thawte.com/BigCorporation/12437265190. Those links would return a public signature id, which would go directly to the E-mail program for storage, much like the mailto: does for automatically opening a new E-mail.
1. Friends and family would give you their tinysig signature, which you quickly incorporated into your E-mail program. The E-mail program disseminates it to whatever server(s) it collects mail from.
2. Friends of friends and family would ask your common connection to forward their tinysig signature.
3. Businesses I know would either provide me with links directly (i.e. by phone or mail) or through their websites.
4. Mailing lists would provide their signature ID when you subscribe to the list.
5. Spammers
6. Customers of businesses should probably provide their public signature ID to the business if they want them to receive their mail, but otherwise the business could open for specific E-mail addresses like current whitelists in current spam filters.
7. Potential customers
This suggestion could easily be grafted on to current, prevalent E-mail protocols, i.e. SMTP/ESMTP, POP and IMAP, and I am sure it would reduce the problem quite substantially and (provided the signatures are properly generated) be rather safe from crackers/hackers and spammers.
Big E-mail providers like Yahoo, Hotmail, G-mail and the like, would certainly have to incorporate it into their systems for this to work properly, but again, it is not too difficult.
Please bear with me if this is not thought through properly, but I have a plane to catch.
But the right kind of security! (Score:3, Interesting)
Corporate whistleblowers, Chinese democracy activists, union organizers, etc. all have a legitimate reason to want to be able to send an email without it being traced back to them. How do we support that without opening the floodgates for spam/phishing/etc?
Essentially, I should be able to somehow generate an ID, where I am the only one that can connect the ID to my person. At the same time, if I send an email, my recipient will receive it - they will be aware of the fact that the email is from someone who is hiding their personal identity, but some other form of information will be connected with that ID that shows that the email can be trusted more than some bulk-mailed viagra ad. Ideally the system would not require human intervention to screen. For example, maybe the ID is such that it requires 1 week of CPU-time to generate, and the encryption method has a secure method for storing the total number of emails sent using the ID.
This way, a spammer would have to have access to a million machines for a week to be able to send 10 million emails with an ID that has a count of less than 10.
On the receiver end, they would get the email, and it would be flagged as unsolicited and anonymous, but they would know that I've only sent 5 other emails with the same ID and that the ID was difficult to obtain.
The basic idea is that with each email you receive, there would be a set of information that you are guaranteed to know about the sender, with some of it optional. The email reader would only accept mass emails from trusted known IDs, but non-mass emails could come from anonymous IDs.
Another possibility would be some form of trusted anonymous emails. Without further external knowledge, a single message from that ID would not be trusted, but it would be possible for an ID to create some form of trust structure. For example, imagine you anonymously donate $100 to some charity, using the ID. Then you send an email using that ID to people who respect that charity. The message header would include information that would allow automatic verification that the same ID was used for the donation and the email. The receiver would then be fairly certain that the message was not spam, but they couldn't trust it enough to give out their credit card number or other info.
Anyway, this is the sort of thing I'm thinking of - decentralized, and secure in the sense that the sender and receiver can in some secure way communicate a level of trust to each other without outside interference or exposure.
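The costly-to-generate anonymous ID from the comment above, as an added example that is not the commenter's code: a hashcash-style scheme in which an ID is a random seed plus a nonce whose SHA-256 digest starts with a required number of zero bits. The function names, the SHA-256 choice and the 1,000,000 hashes-per-second rate are assumptions, and the per-ID message counter the comment mentions is not modelled.

```python
import hashlib
import math
import os


def leading_zero_bits(digest):
    """Count the zero bits at the front of a hash digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits


def difficulty_for_budget(cpu_seconds, hashes_per_second):
    """Largest difficulty whose expected cost (2**bits hashes) fits the budget."""
    return int(math.log2(cpu_seconds * hashes_per_second))


def mint_id(difficulty_bits, seed=None):
    """Search for the first nonce that makes SHA-256(seed || nonce) hard enough."""
    seed = os.urandom(16) if seed is None else seed  # random, so not tied to a person
    nonce = 0
    while True:
        digest = hashlib.sha256(seed + nonce.to_bytes(8, "big")).digest()
        if leading_zero_bits(digest) >= difficulty_bits:
            return seed, nonce
        nonce += 1


def verify_id(seed, nonce, difficulty_bits):
    """Receiver-side check: one hash, however long minting took."""
    if not 0 <= nonce < 2 ** 64:
        return False
    digest = hashlib.sha256(seed + nonce.to_bytes(8, "big")).digest()
    return leading_zero_bits(digest) >= difficulty_bits


if __name__ == "__main__":
    # One week at an assumed 1,000,000 hashes per second.
    print("bits for a week:", difficulty_for_budget(7 * 24 * 3600, 1_000_000))
    seed, nonce = mint_id(16)  # small difficulty so the demo finishes quickly
    print(seed.hex(), nonce, verify_id(seed, nonce, 16))
```

The asymmetry is the point: minting costs about 2**bits hashes on average, while the receiver verifies with a single hash and learns nothing about who holds the seed.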
SMTP and HTTP (Score:2, Interesting)
I agree with the sentiment... (Score:3, Interesting)
I agree with those who suggest that as long as there's email, there will be spam. Therefore, the only real option here is to make it not so profitable.