The Time Has Come to Ditch Email? 398

Posted by Zonk
from the i-find-it-handy dept.
Krishna Dagli writes to mention an article at The Register claiming that it's time we stop using email to communicate. From the article: "The problem is, email is now integral to the lives of perhaps a billion people, businesses, and critical applications around the world. It's a victim of its own success. It's a giant ship on a dangerous collision course. All sorts of brilliant, talented people today put far more work into fixing SMTP in various ways (with anti-virus, anti-phishing technologies, anti-spam, anti-spoofing cumbersome encryption technologies, and much more) than could have ever been foreseen in 1981. But it's all for naught."

  • by ellem (147712) * <ellem52@gmai[ ]om ['l.c' in gap]> on Friday June 02, 2006 @11:21AM (#15454323) Homepage Journal
    http://slashdot.org/~ellem/journal/104280 [slashdot.org]

    Mail really is broken. It does not work as expected or as wanted by users.
  • Father of Sendmail (Score:3, Interesting)

    by totallygeek (263191) <sellis@totallygeek.com> on Friday June 02, 2006 @11:31AM (#15454430) Homepage
    I recently had an opportunity to meet Eric Allman. He had people in his office, so I did not get to say hi. Afterward, I thought if I met him, what would I even say? I figured there would be an equal number of praises and complaints.

    For the record: smtp rules.
  • by Betabug (58015) on Friday June 02, 2006 @11:34AM (#15454457) Homepage
    "ever tried to get friends and family to do PGP handshakes?"

    Yes, I've tried... and I've been and am quite successful with it. Using GPG to send/receive encrypted mail and check signatures with a good plugin isn't rocket science.

    Agreed, setting up keys and such is hard, but with friends and family we geeks can help. We do that with E-Mail, Games, Wordprocessors, why not with PGP?

    My experiences with PGP with friends and family: Do You Use PGP? - Encryption is not just for techies any more [betabug.ch].
  • Interesting... (Score:2, Interesting)

    by Digital Dharma (673185) <max@@@zenplatypus...com> on Friday June 02, 2006 @11:36AM (#15454473)
    Kind of like telling the world we need to ditch cars as our primary mode of transportation because of the evils of pollution...

    Well, one surefire way to lock it down would be to make it a closed system... (waits for incoming fire)
  • by harrkev (623093) <kfmsd AT harrelsonfamily DOT org> on Friday June 02, 2006 @11:40AM (#15454528) Homepage
    Sometimes you simply can't patch things any more, and it is time to start over. Even Microsoft realized this and moved from a DOS core to an NT core on XP. Apple realized this and moved from 6800 to PowerPC to X86.

    The solution? For some novel open-source software to appear that handles this problem. Then it gets integrated into Thunderbird as an OPTION for a way to send mail. It should work seamlessly, and fall back to old-fashioned e-mail when necessary. You would have two e-mail accounts side-by-side, but it would appear to the user as if they had only one.

    So the geeks will be on the bleeding edge. Everybody reading this would probably have it. As time goes by, more and more people using Thunderbird would switch. Then Opera would join it. Once it gets big enough, even Microsoft would sit up and take notice after hearing about how great it is ("embrace-extend-extinguish" begins with "embrace").

    If done right, and if the right players were involved, it could work.
  • by B'Trey (111263) on Friday June 02, 2006 @11:41AM (#15454538)
    > Agreed, setting up keys and such is hard, but with friends and family we geeks can help. We do that with E-Mail, Games, Wordprocessors, why not with PGP?

    Because we're looking for a long term, widespread, permanent solution. There aren't enough of us geeks to hold the hand of every user in the world.
  • by TINGEA77 (935076) on Friday June 02, 2006 @11:43AM (#15454552)
    If I'm to apply the same logic to regular mail, well, regular mail is doomed too; it's full of phishing, spam, and spoofing. I guess I'm not sending anything by mail from now on!! Duh!

    If you get a letter from a car dealer stating that you won $3000 in credit if you buy one of his cars, do you automatically go and buy one? NO. Same thing goes for email, you don't open all emails and follow all links blindly.

    The problem is with educating people how to use email and the Internet as a whole. When enough people stop being click-happy... spammers will lose interest as no one will be paying for such a service, and phishers/spoofers won't find enough people to fall for their tricks.

    Simply, educate people about this powerful tool before you throw them in! This is not only for email, it goes for anything to do with the internet and any form of communication as a whole.

    Just my $0.02.
  • by Exter-C (310390) on Friday June 02, 2006 @12:10PM (#15454809) Homepage
    As a systems administrator working on a few large scale mail servers, the 'investment' required to cut spam and virus emails is very low if the system has been designed properly. I use open source tools on a system with in excess of 150,000 active users and it costs nothing in licenses and it's on four servers and a central NetApp filer for the mailstore. Realistically if we distribute the total cost over the user count and support issues are very low. It's simple: design the system. Our email service uses the following:
    - Qmail, vpopmail, simscan, spamassassin and clamav. On a userbase with the amount of users we have it's very easy to distribute, it's easy to scale and the performance is great.
  • by penguin-collective (932038) on Friday June 02, 2006 @12:16PM (#15454873)
    The problem with E-mail is the store and forward model of the servers, which allows people to inject spam, remain unaccountable, and impose the costs on others. That design made sense 20 years ago, but it doesn't today.

    The solution is fairly simple: change to a different E-mail protocol; one simple approach is to have a protocol in which the sender stores the message until delivery and the only thing that gets delivered to the recipient is a small notification.

    On a related note, it really is pretty silly as well that there is SMTP in addition to IMAP; in the future, the client-to-server protocol might well just be simple IMAP (with an "outgoing" folder), and there can be a separate server-to-server protocol like the one described above.
  • by N1ck0 (803359) on Friday June 02, 2006 @12:23PM (#15454950)
    Oh yeah, let's solve the email problem by making the protocol more complex. Or maybe, just maybe, we could develop open standard that extends delivery that people could adopt....nah let's just ditch everything and start from scratch. Oh and while you're throwing away billions of dollars of existing systems, ditch cars for mass transit systems, oh and ditch wasting paper, use of fossil fuels, pollution, corruption, poverty, and stupid columnists who just create a headline and throw bunches of meaningless buzzwords and acronyms in an article. SMTP is not an issue...it's getting large software vendors to adopt a more complex RFC that has hooks for authentication, and encryption, etc. Since one major providers do, others will exploit that added information to filter content. Of course if you keep your 'standard' private like some software vendors, it kind of breaks the entire chain of events. In other words SMTP is not the issue, the issue is that a lot of large software companies really don't see the value in attempting improving things they don't directly make money from. Oh and his 'new' idea about creating a standard that differentiates based email based on variables passed in the email address....Sorry it's called 'Address Extensions' and has been around for a long time.
  • by Medievalist (16032) on Friday June 02, 2006 @12:31PM (#15455037)
    You can prevent forgery now with SPF (v1, "classic" - forget that stupid broken patent-encumbered Microsoft SenderID that claims to be SPF v2). There's obviously a problem with sites that refuse to participate still being easily forged, but since the biggies (Gmail, AOL, etc.) are using it already the number of forgeable sites is shrinking.

    DKIM (successor to Yahoo's DomainKeys) will do even better when it gets more traction in the MTA and MUA segment, but for right now do SPFv1 and get the issues with forwarding worked out (if you have any - many sites won't) before DKIM arrives.

    Anti-forgery is only part of the solution, though - it just forces the spammers to register real domains (throwaway domains, granted) or use exclusively cracked hosts and botnets. The other parts of the solution are 1) heavy punishments for crackbot spammers (yay AOL and Microsoft for pushing this!) instead of law enforcement looking the other way as they have in the past and 2) consumer reaction against domain registrars that knowingly support spam gangs.

    The key thing to understand about anti-forgery measures is they allow other techniques (like blackholing and legal prosecution) to work. If your mail administrator isn't implementing at least the publishing side of SPFv1, that person is not doing his or her job properly.

    Geez, I said "Yay AOL and Microsoft". You don't see that on Slashdot much!
  • by Just Some Guy (3352) <kirk+slashdot@strauser.com> on Friday June 02, 2006 @12:35PM (#15455084) Homepage Journal
    > You should re-read the article from DJB. It makes a lot of sense

    I did and it doesn't. I routinely need to send out 50,000 copies of a customer newsletter. Right now, SMTP allows me to start the process now and gradually spool out the copies at my network's own convenience until I'm finished. Under Dan's crackpot idea, I send a broadcast to 50,000 customers letting them know that there's a newsletter waiting for them. When they all come to work at 9AM and simultaneously attempt to download a 1MB PDF, my router cries tears of pain and my customers hate my slow-loading message.

    Dan's idea sounds fine under certain very limited circumstances, but can't possibly work in the real world.

  • by jrockway (229604) * <jon-nospam@jrock.us> on Friday June 02, 2006 @01:01PM (#15455353) Homepage Journal
    > Sometimes you simply can't patch things any more, and it is time to start over. [...] Apple realized this and moved from 6800 to PowerPC to X86.

    I don't think Apple moved from PPC to x86 because of "patching", they moved because they could coerce Intel into giving them better prices on the chips (IBM didn't really care about Apple's business, and Apple's priorities and IBM's priorities didn't align). In fact, the same OS runs on both platforms with only a few changes to the kernel. 90% of the codebase (things like drivers, filesystems, etc.) run fine on either platform.

    Now if you mean OS9->OSX and the ensuing rewrite, you're right. OS9 was terrible, and it was time to start over.

    Joel has a different viewpoint, however: http://www.joelonsoftware.com/articles/fog0000000069.html [joelonsoftware.com], "They did it by making the single worst strategic mistake that any software company can make: They decided to rewrite the code from scratch."
  • by Animats (122034) on Friday June 02, 2006 @01:05PM (#15455398) Homepage
    The real problem is zombies, Windows PCs taken over by malware and used to host spammers. As long as armies of zombies exist, and can impersonate the owner of the computer, nothing will work. Charging for mail won't work because the zombies will spend their host's money. Source authentication won't help because the zombies will use their host's identity. Until the armies of zombies can be slain, we cannot win.

    But the zombies are vulnerable. The lamest Windows OSs, the DOS/Win95/98/ME family, are slowly dying off. XP is at least potentially fixable, and Vista is much tighter.

    We've made real progress. It's tough to send spam today without committing a felony. Spammers are routinely going to jail. Spam as a means of even vaguely legitimate marketing is dead. Spam-friendly hosting is getting harder to find. Ironport gave up selling its "spam cannon" rackmount spam sender. Spam filtering is better than ever. Spammers have been reduced to using zombies because anything more direct gets them hammered.

  • by Biff Stu (654099) on Friday June 02, 2006 @01:19PM (#15455540)
    How does this stop the hordes of zombies on home broadband accounts with the default password for their SMTP server stored in their e-mail client?
  • by caudron (466327) on Friday June 02, 2006 @01:44PM (#15455790) Homepage
    ...make email a pull instead of a push system.

    If you make it a pull system:

    1) there is no spoofing issue (you always have the real IP address of the sender, because you have to connect to get the message contents).

    2) spam costs move from the receiver to the sender, because the spam sender now has to bear the brunt of the bandwidth traffic hit.

    3) finally, recalling a mail message would work.

    There are more benefits to that "small" switch, but I'm far too lazy to lay them all out here.

    Tom Caudron
    http://tom.digitalelite.com/ [digitalelite.com]
  • by esper (11644) on Friday June 02, 2006 @01:57PM (#15455947) Homepage
    > It makes bulk mail expensive for the sender. I *want* this.

    I host an announcement mailing list for one of the local dance communities. There are approximately 500 subscribers - the low end of "bulk", surely, but I'd call it "bulk" nonetheless. The organization on whose behalf the list is run is perpetually short on cash. If bulk mail on that scale becomes expensive, the list goes away and 500 people no longer receive timely email telling them about upcoming classes, dances, etc. How is that better for them?

    But maybe 500 people and 2-3 messages/week doesn't count as "bulk" in your view. How many people subscribe to, say, the linux-kernel mailing list? The debian-user mailing list? If you want bulk mail to be expensive, then what will it cost to run those lists, distributing hundreds of messages a day to thousands, if not tens of thousands, of subscribers, and who will pay those bills?
  • Have I got it wrong? (Score:2, Interesting)

    by trydk (930014) on Friday June 02, 2006 @02:10PM (#15456107)
    I may have gotten this wrong, but to me it seems simple to secure E-mail without changing the current method drastically.

    First I must look at the types of E-mail I receive (more precisely, who I receive E-mail from):

    1. Friends and family
    2. Friends of friends and family
    3. Businesses I know
    4. Mailing lists
    5. Spammers

    For businesses there are another two categories:

    6. Customers
    7. Potential customers

    It must be possible to find a simple way to create a digital signature without making it rocket science, which is an underlying assumption of my suggestion.

    Similarly, it must be possible to disseminate a digital signature to potential recipients in an easy way, a scheme like tinyurl [slashdot.org] springs to mind -- or any of the other publicly available, free "certificate authorities" (CAs). I submit the public part of my signature to tinysig or whatever it is called and tell my friends and family about it.

    Businesses would probably register their signatures with the "official" CAs (but could use tinysig as well) and display proper links to them on their websites -- as could plain people with homepages. I would suggest something on the form of pubsig://tinysig.com/al1ga2r and pubsig://thawte.com/BigCorporation/12437265190. Those links would return a public signature id, which would go directly to the E-mail program for storage, much like the mailto: does for automatically opening a new E-mail.

    1. Friends and family would give you their tinysig signature, which you quickly incorporated into your E-mail program. The E-mail program disseminates it to whatever server(s) it collects mail from.

    2. Friends of friends and family would ask your common connection to forward their tinysig signature.

    3. Businesses I know would either provide me with links directly (i.e. by phone or mail) or through their websites.

    4. Mailing lists would provide their signature ID when you subscribe to the list.

    5. Spammers ... Well, tough luck, unless you are of category 1 through 4, of course.

    6. Customers of businesses should probably provide their public signature ID to the business if they want them to receive their mail, but otherwise the business could open for specific E-mail addresses like current whitelists in current spam filters.

    7. Potential customers ... well, if you want new customers, you should probably expect a certain amount of spam, shouldn't you?

    This suggestion could easily be grafted on to current, prevalent E-mail protocols, i.e. SMTP/ESMTP, POP and IMAP, and I am sure it would reduce the problem quite substantially and (provided the signatures are properly generated) be rather safe from crackers/hackers and spammers.

    Big E-mail providers like Yahoo, Hotmail, G-mail and the like, would certainly have to incorporate it into their systems for this to work properly, but again, it is not too difficult.

    Please bear with me if this is not thought through properly, but I have a plane to catch.
  • by Wesley Everest (446824) on Friday June 02, 2006 @02:31PM (#15456313)
    I'm all with you about needing a secure alternative, but then I hear stuff about mandatory ID, etc.

    Corporate whistleblowers, Chinese democracy activists, union organizers, etc. all have a legitimate reason to want to be able to send an email without it being traced back to them. How do we support that without opening the floodgates for spam/phishing/etc?

    Essentially, I should be able to somehow generate an ID, where I am the only one that can connect the ID to my person. At the same time, if I send an email, my recipient will receive it - they will be aware of the fact that the email is from someone who is hiding their personal identity, but some other form of information will be connected with that ID that shows that the email can be trusted more than some bulk-mailed viagra ad. Ideally the system would not require human intervention to screen. For example, maybe the ID is such that it requires 1 week of CPU-time to generate, and the encryption method has a secure method for storing the total number of emails sent using the ID.

    This way, a spammer would have to have access to a million machines for a week to be able to send 10 million emails with an ID that has a count of less than 10.

    On the receiver end, they would get the email, and it would be flagged as unsolicited and anonymous, but they would know that I've only sent 5 other emails with the same ID and that the ID was difficult to obtain.

    The basic idea is that with each email you receive, there would be a set of information that you are guaranteed to know about the sender, with some of it optional. The email reader would only accept mass emails from trusted known IDs, but non-mass emails could come from anonymous IDs.

    Another possibility would be some form of trusted anonymous emails. Without further external knowledge, a single message from that ID would not be trusted, but it would be possible for an ID to create some form of trust structure. For example, imagine you anonymously donate $100 to some charity, using the ID. Then you send an email using that ID to people who respect that charity. The message header would include information that would allow automatic verification that the same ID was used for the donation and the email. The receiver would then be fairly certain that the message was not spam, but they couldn't trust it enough to give out their credit card number or other info.

    Anyway, this is the sort of thing I'm thinking of - decentralized, and secure in the sense that the sender and receiver can in some secure way communicate a level of trust to each other without outside interference or exposure.
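One possible reading of the costly anonymous ID described above, sketched as an added example that is not part of the original comment: the sender pays for a pseudonym with hash work, and the receiver verifies it with a single hash and keeps its own tally. The difficulty, the message cut-off and the local counter are assumptions, and binding each message to the ID would additionally need a signature, which is omitted here.

```python
import hashlib

DIFFICULTY_BITS = 12    # assumption: tiny so this runs instantly; the post imagines ~1 week of CPU
MAX_ANON_MESSAGES = 10  # assumption: receiver's cut-off between "non-mass" and bulk

def leading_zero_bits(digest):
    """Count the zero bits at the front of a hash digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def _work(public, nonce):
    return hashlib.sha256(public + nonce.to_bytes(8, "big")).digest()

def mint_id(secret, difficulty=DIFFICULTY_BITS):
    """Sender side: derive a pseudonym from a secret and pay for it in hashing."""
    public = hashlib.sha256(b"anon-id:" + secret).digest()
    nonce = 0
    while leading_zero_bits(_work(public, nonce)) < difficulty:
        nonce += 1          # expected about 2**difficulty attempts
    return public.hex(), nonce

def verify_id(public_hex, nonce, difficulty=DIFFICULTY_BITS):
    """Receiver side: one hash confirms the work was done."""
    try:
        public = bytes.fromhex(public_hex)
    except ValueError:
        return False
    if len(public) != 32 or not 0 <= nonce < 2**64:
        return False
    return leading_zero_bits(_work(public, nonce)) >= difficulty

class Receiver:
    """Keeps a local per-ID tally, a stand-in for the post's unspecified counter."""
    def __init__(self, trusted_ids=()):
        self.trusted = set(trusted_ids)
        self.seen = {}

    def classify(self, public_hex, nonce):
        if public_hex in self.trusted:
            return "trusted"            # known sender, bulk allowed
        if not verify_id(public_hex, nonce):
            return "reject"             # no proof that the ID was expensive
        self.seen[public_hex] = self.seen.get(public_hex, 0) + 1
        if self.seen[public_hex] > MAX_ANON_MESSAGES:
            return "reject-bulk"        # anonymous IDs may not send in volume
        return "anonymous-ok"
```

Each extra difficulty bit doubles the sender's expected minting cost while verification stays at one hash, which is the asymmetry the proposal relies on.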
  • SMTP and HTTP (Score:2, Interesting)

    by ElboRuum (946542) on Friday June 02, 2006 @03:30PM (#15456939)
    Two protocols which have grown beyond their initial specifications. SMTP was never meant to be any of the following:

    1) Secure
    2) Secure
    3) Secure

    HTTP was never meant to do anything but display documents. Look at the both of them today. To try to implement security into a technology that was never meant to secure transmitted data and defeat spoofing is the same problem with implementing executable script and code-behind technologies into documents. Both were ideas which predate their abuses, when the 'net was more populated with people who benefitted from a general white-hat attitude and at the time had no need for rigorous secure technologies. That's no longer the case, and any technology which assumes it is technically out-of-date.
  • by Chordonblue (585047) on Friday June 02, 2006 @06:01PM (#15458312) Journal
    But I think there are better things to do. For instance, setting up an international task force that does nothing but go after these bastards. Sort of a Jack Bauer / CTU kind of organization that tracks the sales these sites make and goes after them.

    I agree with those who suggest that as long as there's email, there will be spam. Therefore, the only real option here is to make it not so profitable.
