Forgot your password?
typodupeerror

The Time Has Come to Ditch Email? 398

Posted by Zonk
from the i-find-it-handy dept.
Krishna Dagli writes to mention an article at The Register claiming that it's time we stop using email to communicate. From the article: "The problem is, email is now integral to the lives of perhaps a billion people, businesses, and critical applications around the world. It's a victim of its own success. It's a giant ship on a dangerous collision course. All sorts of brilliant, talented people today put far more work into fixing SMTP in various ways (with anti-virus, anti-phishing technologies, anti-spam, anti-spoofing cumbersome encryption technologies, and much more) than could have ever been foreseen in 1981. But it's all for naught."
This discussion has been archived. No new comments can be posted.

The Time Has Come to Ditch Email?

Comments Filter:
  • by yagu (721525) * <yayagu.gmail@com> on Friday June 02, 2006 @11:20AM (#15454312) Journal

    Short version of story:

    E-mail shouldn't really go away, we need to recreate it from scratch with builtin security, authentication, encryption, etc, and those mechanisms need to be as transparent as today's e-mail.

    EOF

    E-mail will probably go that way, but I don't see it being recreated from scratch. Postfix evolved out of perceived difficulties with sendmail (still one of my favorite packages... obtuse, obtuse, obtuse, but lots of fun.) while in-flight.

    The fixes for e-mail likely will also occur in-flight... there's too much momentum, and too many transactions dependent on e-mail for it to stop, then go.

    The single most important step for me would be transparent authentication, via certs, whatever. As phishing becomes more insidious and the stakes go up, someday someone (or a bunch of someones) will be phished severely, escalating the urgency of authentication. It may start out clunky (ever tried to get friends and family to do PGP handshakes?), but as with other technology I think it can be done with transparency.

    E-mail stays... (btw, if you want to send e-mail feedback to the author, this is the link [theregister.co.uk].

    • > Postfix evolved out of perceived difficulties with sendmail

      I just converted a good-sized system from Sendmail to Postfix; here's why (with charts!) [blogs.com]. Go Postfix!
    • by Nadsat (652200) on Friday June 02, 2006 @11:32AM (#15454444) Homepage
      And they are not stopping at email, but at verbal communication. Soon the language we speak to one another will be codified. Meaning, if I want to talk to my girlfriend, I will speak through an earpiece mounted microphone. The mic encrypts my verbal language with a key that only she has. The words that come through my head-mounted mic then are amplified through a speaker which anyone can pick up, as if it were my voice speaking, but all garbled. Noone else can understand what I'm saying, because only she has the key on her headset, which is able to then re-articulate my words into her earpiece.

      It's like a private foreign language without having to bother learning a foreign language.

      That's the spirit of the article.
      • Meaning, if I want to talk to my girlfriend ...

        Hey if you can also get it to filter statements that are likely to land you in trouble, translate responses into something more sensitive, and translate back to you what she really means based on what she says, then I think you have the technology of the future. Maybe then slashdotters can get chicks. I would be an early adopter.
    • by Betabug (58015) on Friday June 02, 2006 @11:34AM (#15454457) Homepage
      "ever tried to get friends and family to do PGP handshakes?"

      Yes, I've tried... and I've been and am quite successfull with it. Using GPG to send/receive encrypted mail and check signatures with a good plugin isn't rocket science.

      Agreed, setting up keys and such is hard, but with friends and familiy we geeks can help. We do that with E-Mail, Games, Wordprocessors, why not with PGP?

      My experiences with PGP with friends and family: Do You Use PGP? - Encryption is not just for techies any more [betabug.ch].
      • by B'Trey (111263) on Friday June 02, 2006 @11:41AM (#15454538)
        Agreed, setting up keys and such is hard, but with friends and familiy we geeks can help. We do that with E-Mail, Games, Wordprocessors, why not with PGP?

        Because we're looking for a long term, widespread, permanent solution. There aren't enough of us geeks to hold the hand of every user in the world.
        • There aren't enough of us geeks to hold the hand of every user in the world.


          Perhaps there are enough of us geeks to code up the proper secure behavior for the various email clients that people use, make it the default behavior, and make it easy enough to use that people won't bother to try and disable it?


          Then it's just a matter of waiting for everybody to update their email client (i.e. 5-10 years, but that's better than never), and we're done :^)

          • Not to mention that the majority of so-called "noobs" use Webmail services, who could use GPG/PGP 'wizards' that would automagically setup up signed e-mail.

            Setting up GPG/PGP e-mail is not a technical or knowledge problem, its an implementation problem, in terms of e-mail client design.
          • [T]here are enough of us geeks to code up the proper secure behavior ... Then it's just a matter of waiting for everybody to update their email client (i.e. 5-10 years, ...)

            Actually, some of us geeks did a lot of it 15 or 20 years ago. Lotta good it did us all. Most of the email users are using Microsoft email software, and clearly will never upgrade to anything without the MS imprimatur, so our work was pretty much in vain.

            So how about some of the geeks here mention the more-secure email packages you've w
        • > There aren't enough of us geeks to hold the hand of every user in the world.

          Who exactly wrote all the software we have now that the non-technical users rely on every day? Geeks. There are plenty of us around :)

          • by Anonymous Coward
            grossout factor, for example, say you have an individual who needs some help setting up their next gen email, and this geek runs up to help, his mouth still dripping blood from the chickenhead he just bit off, the poor email using individual is going to just freak out and run away.
    • by onion2k (203094) on Friday June 02, 2006 @11:35AM (#15454465) Homepage
      someday someone (or a bunch of someones) will be phished severely, escalating the urgency of authentication

      This is the key issue .. the victims. These are the people who need to be targeted if we're ever going to stop spam. No technological solution will ever fix the problem so long as it remains profitable .. people will go to extraordinary lengths to make a fast buck .. The debacle with Blue Frog demonstrated just how much power spammers wield over the internet. I really doubt that even a fundamental change to the underlying protocols of email would stop them.

      Instead we need to educate the victims. Stop people clicking on links in emails *ever*, stop people buying "cheap prescription meds online", stop people sending thousands of dollars to the Nigerian interior minister.

      Only when spam stops working will spammers stop working.
      • Ever since the invention of money, there have been con-men who want to take it from you. Nothing will stop the spammers, though BlueFrog was a good method of introducing a monetary cost to spam. The reason spam is so prevalent is that it costs nothing to send.

        There's a fool born every minute; the internet just makes it easier for con-men to find them.
    • The fixes for e-mail likely will also occur in-flight... there's too much momentum, and too many transactions dependent on e-mail for it to stop, then go.

      I'm not so sure that's true; I suspect e-mail will be around with incremental, "in-flight" attempts at fixes for some time, but I also think that sooner or later its going to be suprisingly suddenly displaced, but not by something whose main focus is as an "e-mail replacement". Instead, by something that takes a radically different approach to informat

    • by RingDev (879105) on Friday June 02, 2006 @11:35AM (#15454471) Homepage Journal
      "(ever tried to get friends and family to do PGP handshakes?)"

      I've got one of those! It ends in a chest-thump then a simulated pistol shot in the air! We can always ensure that our friends are definately our friends with that hand shake.

      -Rick
    • Sometimes you simply can't patch things any more, and it is time to start over. Even Microsoft realized this and moved from a DOS core to an NT core on XP. Apple realized this and moved from 6800 to PowerPC to X86.

      The solution? For some novel open-source software to appear that handles this problem. Then it gets integrated into Thunderbird as an OPTION for a way to send mail. It should work seamlessly, and fall back to old-fashioned e-mail when necessary. You would have two e-mail accounts side-by-sid
      • > Sometimes you simply can't patch things any more, and it is time to start over. [...] Apple realized this and moved from 6800 to PowerPC to X86.

        I don't think Apple moved from PPC to x86 because of "patching", they moved because they could coerce Intel into giving them better prices on the chips (IBM didn't really care about Apple's business, and Apple's priorities and IBM's priorities didn't align). In fact, the same OS runs on both platforms with only a few changes to the kernel. 90% of the codebase
    • Short version of story:

      E-mail shouldn't really go away, we need to recreate it from scratch with builtin security, authentication, encryption, etc, and those mechanisms need to be as transparent as today's e-mail.

      EOF

      Um ... that is already done, altough almost no one uses it anymore. Remember that old X.400 thing? It was seen as too complicated back then with all the security and encryption builtin and SMTP was seen as its successor. Now look where we've come ...

  • by ellem (147712) * <ellem52NO@SPAMgmail.com> on Friday June 02, 2006 @11:21AM (#15454323) Homepage Journal
    http://slashdot.org/~ellem/journal/104280 [slashdot.org]

    Mail really is broken. It does not work as expected or as wanted by users.
    • I've had people get pissed at me when I don't respond to their email. Reason I didn't respond is that it was sitting in a queue somewhere and I hadn't gotten it yet. Plenty of other examples I can think of but that'll do for now.

      What we need is a locked out system. Something that doesn't interact with SMTP at all. True, people using that system could only email people in that system, but that wouldn't be a problem once it caught on. If you could guarantee delivery and zero spam, people would flock to

      • "I've had people get pissed at me when I don't respond to their email. Reason I didn't respond is that it was sitting in a queue somewhere and I hadn't gotten it yet. Plenty of other examples I can think of but that'll do for now. What we need is a locked out system. Something that doesn't interact with SMTP at all. True, people using that system could only email people in that system, but that wouldn't be a problem once it caught on. If you could guarantee delivery and zero spam, people would flock to it

  • by Carewolf (581105) on Friday June 02, 2006 @11:22AM (#15454332) Homepage
    It's time to ditch reality. It's fundamentally broken and inherently insecure. We should have predicted that 13 billion years ago.
  • by LibertineR (591918) on Friday June 02, 2006 @11:22AM (#15454334)
    They tried better, they tried different, who knew that the best way to destroy Exchange Server would be to just discredit email altogether?

    Whatever works!

  • Whoops... (Score:2, Funny)

    by Lacota (695046)
    FTP Dead? Riiight. Just like BSD.
  • Acronym soup. (Score:5, Insightful)

    by khasim (1285) <brandioch.conner@gmail.com> on Friday June 02, 2006 @11:24AM (#15454350)
    From TFA:
    Build an electronic identity. Encode, hash, encrypt, compress, sign, and provide a novel way to share keys when needed, for example. I don't know how this will all turn out, but perhaps yEnc, MD5, AES, H.264, and GPG are some potential technologies that could be used together.
    So, he doesn't know how to fix email, but here is a list of acronyms to get you excited about it.

    Sorry, but to be taken seriously, you'd at least have to have a basic framework already thought out. Just claiming that it's broken and maybe one of these TLA's that you've heard of might be used to fix it ... that's just junk.

    Go back, think about it and then write a real article.
    • It appears that his solution revolves around some heavily encrypted and encoded form of video messaging. Basically, any available processing power in our machines would be used so that we could have basic communication abilities. Since I don't really feel like upgrading my machines, I'll stick with email, including all its faults.
    • Re:Acronym soup. (Score:2, Insightful)

      by fumblebruschi (831320)
      I have to agree. Isn't it kind of a waste of time to devote 4000 words to describing a problem everyone already knows about, but offer no solutions beyond "Somebody needs to do something?"

      Terry Pratchett observed that no one ever seems to follow the sentence "Somebody should do something" with the sentence "And that someone is me!"
    • > but perhaps yEnc, MD5, AES, H.264, and GPG are some potential technologies that could be used together.

      > So, he doesn't know how to fix email, but here is a list of acronyms to get you excited about it.

      It's quite blatant he doesn't know what he is talking about when you know H.264 is a video codec.

      Oh, and yEnc is a binary to text encoder, like uuencode, so it hasn't its place here either.
    • Re:Acronym soup. (Score:3, Informative)

      by mypalmike (454265)
      My favorite quote:

      "A completely new, secure email system would be the internet's next big critical application. If it required IPv6 addressing, maybe secure email would also kill those ridiculous "tiered internet (http://news.bbc.co.uk/1/hi/technology/4552138.stm )" ideas with one stone. But I'm just thinking aloud."

      Your ISP can throttle an IPv4 stream just as well as an IPv6 stream. And why would an email protocol "kill teh tiered intarweb"? Amazing stuff.
    • Umm... H.264 is a video codec [wikipedia.org] :)
    • Sorry, but to be taken seriously, you'd at least have to have a basic framework already thought out.

      So nobody is allowed to point out the email has problems until the solutions are already known? But if nobody is allowed to discuss the problems, how will the solutions ever be found?

      Go back, think about it and then write a real article

      This article is useful in that it gets people thinking about the problem. Now some clever person can come up with a proposed solution and post an article about it. That's ho

    • ...but here is a list of acronyms to get you excited about it.

      What? But it makes perfect sense!

      All we have to do is yEnc the H.264 stream, RAR is apart, make the PAR files, GPG each package, and verify the MD5 sums after it's been e-mailed to AES [ic.gc.ca]!

      But since the VP is such a VIP, shouldn't we keep the PC on the QT? Otherwise he could go MIA and we'll all end up on KP--oops, wrong argument.

  • headline (Score:4, Insightful)

    by gEvil (beta) (945888) on Friday June 02, 2006 @11:24AM (#15454354)
    I realize basic language skills are a difficult thing for a slashdot editor to grasp, but come on! Rather than taking the title of the Register article and slapping a question mark on it, it makes a whole lot more sense to actually rearrange the words into the form of a question: "Has the Time Come to Ditch Email?" or even "Is it Time to Ditch Email?"
    • The title is an imperative statement erroneously ending in a question mark?

      What's with that.

  • by dissolved (887190) on Friday June 02, 2006 @11:24AM (#15454355)
    From TFA: "Use existing, proven technologies and a few new and novel ideas - starting with the latest encoding mechanisms, a reliable hashing algorithm, fast compression, strong encryption and signatures. "

    So in 25 years time today's technology will stop 90% of communication being spam? Spam exists in the spite of the best efforts to stamp it out. Whatever we do it'll be the same. Writing an article full of buzzwords and hypothesis doesn't really help a lot.
    • by Miniluv (165290)
      Best efforts to stamp it out? What planet are you on, or more importantly what Internet? Spam filtering by content analysis is a piss poor means of eliminating it.

      The major problem, which the article correctly identifies, with today's email system is the utter lack of enforced identity verification. Even if you want it, there's no mechanisms to support it. The only thing you can do is accept all of that email, and then only read the stuff that's PGP signed. Combine that with the lack of ease of use of most
  • It look like the author of the artical should look at getting his friends to use PGP and then filter out all messages that aren't signed with known signitures.

    Unless your friends are terrorists that's going to be easier said than done.
    • PGP is close, but no cigar as it works at MUA, not MTA level.

      The domainkeys draft: http://www.ietf.org/internet-drafts/draft-delany-d omainkeys-base-04.txt [ietf.org] is a much closer approximation of what is needed here as it also describes the way this fits at the MTA level.

      There are also some obvious ways to build on this draft as far as trust chain management, but it will be better if they do not get in the draft and the draft is accepted "as is" for now. All other reasons aside, better to have an RFC to build on
  • Heard of that cool new things Segway?
  • Father of Sendmail (Score:3, Interesting)

    by totallygeek (263191) <sellis@totallygeek.com> on Friday June 02, 2006 @11:31AM (#15454430) Homepage
    I recently had an opportunity to meet Eric Allman. He had people in his office, so I did not get to say hi. Afterward, I thought if I met him, what would I even say? I figured there would be an equal number of praises and complaints.

    For the record: smtp rules.
  • by Rik Sweeney (471717) on Friday June 02, 2006 @11:32AM (#15454433) Homepage
    I express myself verbally when "talking" to the other developers:

    FIX YOUR FUCKING CRAPPY CODE!

    I also use sign language, but I don't have much of a grasp of it and stick to the usual middle digit up in the air.
  • by Just Some Guy (3352) <kirk+slashdot@strauser.com> on Friday June 02, 2006 @11:32AM (#15454436) Homepage Journal
    SMTP still works exceedingly well for its purpose. Understand this: spam and viruses will propigate through any message transfer protocol that will ever be invented. We already have effective technologies [freesoftwaremagazine.com] for filtering that stuff out of SMTP traffic, but if admins can't be bothered to implement them for their customers, I don't know why they'd implement similar measures on other protocols.

    Put another way, if you run your own mailserver and still get spam and viruses, it's because you haven't chosen to address the problem. If you use someone else's mailserver and still get spam and viruses, it's because they haven't chosen to address the problem. Nothing stands between you and a clean inbox but motivation, whether your own or your ISP's.

    And no, broken hacks like DJB's "Internet Mail 2000" will never get real-world acceptance as they make it as difficult for legitimate bulk senders to broadcast as for spammers. SMTP is here to stay as the standard method for (somewhat) reliably routing messages between people on unaffiliated networks. Replacing it with a similar system with new pitfalls isn't the answer we're looking for.

    • . Understand this: spam and viruses will propigate through any message transfer protocol that will ever be invented.
      That's true, but so what? You act as though pointing out that no system will every be completely perfect in this regard was equivalent to saying that no system could ever be substantially better than the existing system in this area so as to warrant a change.
  • For one, it's simple to set up, doesn't require a dongle/ID, and it works 99.999% of the time. What we need is better spam recognition software bundled with OS's and mail clients so that people use it by default. If spam can't get through to most people, the sending of spam will become unprofitable and the problem will resolve itself fairly quickly.

    The solution to most phishing scams is to use a text-based e-mail client. No click-thru links means you can see the end URL and disbelieve it if it isn't th

  • And replaced it with Slashdot! Anonymous Cowards of the world rejoice!
  • Interesting... (Score:2, Interesting)

    Kind of like telling the world we need to ditch cars as our primary mode of transportation because of the evils of pollution...

    Well, one surefire way to lock it down would be to make it a closed system... (waits for incoming fire)
  • by Anonymous Coward
    Who's the first one who wants to actually do it?! Go ahead, ditch e-mail! Yeah sure, I'm sure that will happen! I wish I could go back to the eighties when doing IT jobs was still fun. We had no e-mail back then. No cell phones either. You could read the newspaper and smoke a cigar on your lunch break. We used to go to the restaurant in downtown and eat lunch there. There was no hurry and we fucking knew every single piece of our systems we administrated back then. Now it's impossible to know everything and
  • by plasmacutter (901737) on Friday June 02, 2006 @11:37AM (#15454491)
    As much as I hate to admit it, copyright treaties have been extremely successful in perpetuating the DMCA.

    why not use it for something beneficial for a change, and introduce treaties to the UN for the harsh enforcement of anti-spam measures.

    Once the international safe havens are removed or severely curtailed, there will be less of it, and everyone but the ad nazis and the "big data" industry which has arisen to serve them will be better off.
  • Right...... (Score:5, Insightful)

    by Puls4r (724907) on Friday June 02, 2006 @11:38AM (#15454498)
    And of course, the NEW system won't be vulnerable to ANYTHING - right?

    No, wait, let's think that through. Let's take video games as the paradigm. Every year companies spend upwards of 20 million per video game. Every year, they come out with the newest, latest, greatest in copy protection. This copy protection is only limited by their imaginations (and the hardware). And yet days after release, and sometimes prior to release, their code is hacked, cracked, and distributed.

    This author somehow thinks that going back and redoing everything will fix it. The author is naive.

    Call my analogy a bad one if you will, but the SECOND you put ANY type of system into the hands of the criminals / spammers, they will find ways to exploit it. This is proven time and again.

    How exactly does this new email system stop phishing? Oh, right, it can't. Have a link, go to a malicious website, etc. How exactly does this new email system stop users from clicking executables thinking that they are going to see nudie pictures of Katie Holmes? They don't. How does this new email stop virii? It won't.

    Encrypt your email if you want security. Password protect your account. Use filtering to dump spam before you read it.

    OH, and I forgot to mention - I'll be sending you a snail mail letter that looks completely official. It's about a man I met in Nigeria, who has some money he'd like to give you.
    • Re:Right...... (Score:3, Informative)

      by Jeremi (14640)
      How exactly does this new email system stop phishing? Oh, right, it can't. Have a link, go to a malicious website, etc. How exactly does this new email system stop users from clicking executables thinking that they are going to see nudie pictures of Katie Holmes?
      They don't. How does this new email stop virii? It won't

      Nothing is perfect, but having reliable source authentication (so that everyone can easily tell which emails are really from PayPal and which are from criminals pretending to be PayPal) would g

  • Yeah, right... (Score:3, Insightful)

    by zeromemory (742402) on Friday June 02, 2006 @11:39AM (#15454509) Homepage
    Since we're thinking about ditching email, when are we going to ditch snail mail?

    Anyways, these suggestions for improving email are full of fancy features (hashing and compression!) but all they really serve to do is complicate the protocol. Right now, SMTP is so simple that it can be implemented by the tiniest of embedded systems. Take that away and whatever protocol you come up with probably will never be as popular SMTP.

    Besides, most of these proposed changes don't do too much to prevent spam without any of the questionable side-effects encountered with the current proposals to counter spam (ex., lost of anonymity, cost, proving identity a la SSL certs)...
  • ya know, In Korea, only old people use email.
  • by TINGEA77 (935076) on Friday June 02, 2006 @11:43AM (#15454552)
    If I'm to apply the same logic to regular mail, well, regular mail is doomed too; it's full of phishing, spam, and spoofing. I guess I'm not sending anything by mail from now on!! Duh!

    If you get a letter from a car dealer stating that you won $3000 in credit if you buy one of his cars, do you automatically go and buy one? NO. Same thing goes for email, you don't open all emails and follow all links blindly.

    The problem is with educating people how to use email and the Internet as a whole. When enough people stop being click-happy... spamers will lose interest as no one will be paying for such a service, and phishers/spoofers won't find enough people to fall for their tricks.

    Simply, educate people about this powerful tool before you through them in! this is not only for email, it goes for anything to do with the internet and any form of communication as a whole.

    Just my $0.02.
  • by rueger (210566) on Friday June 02, 2006 @11:43AM (#15454555) Homepage
    I find that the people who gripe loudest about the problems with e-mail are the ones who have poor or no spam filtering.

    I guess I'm lucky that I have an ISP [magma.ca] who takes spam blocking seriously, using a combination of Brightmail and a user configuarable Spam-Assassin install that seems to block 98% of spam and which has virtually no false positives. On the weeks when I monitor it, they may mis-label one in several tens of thousands of messages, usually from mailing list or other source that just barely triggers the filter.

    Most people assume that the lousy, error prone spam blocking offered by many ISPs is the best than can be acomplished. That's simply not true.

    Unlike the article author, I still find e-mail a reliable and essential tool, and can't see a need to make significant changes at this time.
    • "...virtually no false positives."

      I get virtually no personal email. Virtually no false positives means I will be losing personal email.

      Most of these stats are based on the idea of dividing false positives by the number of emails received, rather than false positives against legitimate emails.

      Spamassasin lost about 1-2% of my legitimate mail. It's unpredictable and it makes email unreliable.

      Not that I have a solution, just to say that for me, this kind of filtering is not it.

  • The article says that email is a problem because you can't take an inscure, open form of communication and use it for secure, private stuff. How insightful.

    I must have 6 email accounts. What's wrong with adding a secure, whitelist-only account that I use for all communication involving banking, law, etc? Secure mail protocols already exist. This could be a value-add service for ISPs to do the hard parts. All it needs is an extra step when I want to add allow a new sender, that they provide their mail s
  • ...about the US Mail and look how well it... never mind...

    Seriously, this is old news. Very old news. What is everyone waiting for? If someone were to lob a few million USD my way I'd put together a legion of highly-talented programmers and we'd go out, write some new, more secure protocol and be done with it. Anyone got some venture capital lying around they're not using? It's all fine to argue that there are more secure email systems and talk about signing emails to make them more trustworthy, but it's

  • ... all the people who have no experience with programming are going to jump into this saying how they would do it much better. "SMTP needs to be rewritten!!", is the rallying cry. I've seen it before when spam first started making an appearance and now we're going to see it with a vengeance. The worst thing is that most users think of e-mail as JUST e-mail. They have no idea that their inboxes are held on a POP3, IMAP or possibly other proprietary server. So when they start crying out about spam they
  • I kind of knew NNTP was dead when all the "community" websites were starting to putting up software like vBulletin [vbulletin.com], Yahoo! Groups [yahoo.com] and such. Communities, or people with a common topic to discuss, had to flee NNTP because they were first hit by spam [mailmsg.com]. But this turn from NNTP to self control seems to be way easier than Email 2.0. Being in sales, I will always need a way to give someone a business card and have them email me as easily as possible. I can't see a way around this right now that doesn't keep the
  • Curb Spammers (Score:5, Insightful)

    by Robber Baron (112304) on Friday June 02, 2006 @11:59AM (#15454705) Homepage
    What somebody needs to do is curb the fucking spammers!

    And I don't mean "curb" as in curtail their activity, I mean "curb" as in stick their fucking heads on a curb and stomp on them!
    • But I think there are better things to do. For instance, setting up an international task force that does nothing but go after these bastards. Sort of a Jack Bower / CTU kind of organization that tracks the sales these sites make and goes after them.

      I agree with those who suggest that as long as there's email, there will be spam. Therefore, the only real option here is to make it not so profitable.

  • So it'd be quite hard to avoid spam, phishing and other nasty stuff.
    Because it's not supposed to be based on invitations or similar constraints.
    Better protocols and implementations are welcome, of course.
    But changing the email system is quite likely to kill it.

  • I mean, someone with the right knowledge can break into your car and steal it before you even know it's gone! And then we have drunk drivers, car accidents, and loads of other problems. Never mind that not everyone can take public transportation, AWAY WITH CARS.
  • FTP is not dead. Usenet is not dead. Nothing is dead, it just falls out of common use. AFAIK, you can still use Gopher if you want to.

    Fact is, as different protocols fall out of favor, they can be used with more impunity by people who would avoid the eye of law enforcement and morality enforcement.

    Example: When you hear about "crackdowns on child porn" in the media, the agencies doing the crackdowns are invariably described as "going after websites." Never is there any mention of Usenet, IRC. Just "web
  • by Exter-C (310390) on Friday June 02, 2006 @12:10PM (#15454809) Homepage
    As a systems administrator working on a few large scale mail servers the 'investment' required to cut spam and virus emails is very low if the system has been designed properly. I use open source tools on a system with in excess of 150,000 active users and it costs nothing in licenses and its on four servers and a central NetAPP filer for the mailstore. Realistically if we distribute the total cost over the user count and support issues are very low. its simple design the system. Our email service uses the following
    -Qmail, vpopmail, simscan, spamassassin and clamav. On a userbase with the amount of users we have its very easy to distribute, its easy to scale and the performance is great.
  • This is pretty rediculous, to say the least. G-mail won't dissapear, it will evolve. Gmail is a great example of how great the convergence of e-mail and instant messaging can be. I'll be the first to admit that the combination of Gmail and Gtalk have changed how I communicate on a daily basis with friends and family.
  • Seriously. We need to ditch email instead for MySpace style blogs and instant messages for our communication. For reals.
  • by penguin-collective (932038) on Friday June 02, 2006 @12:16PM (#15454873)
    The problem with E-mail is the store and forward model of the servers, which allows people to inject spam, remain unaccountable, and impose the costs on others. That design made sense 20 years ago, but it doesn't today.

    The solution is fairly simple: change to a different E-mail protocol; one simple approach is to have a protocol in which the sender stores the message until deliver and the only thing that gets delivered to the recipient is a small notification.

    On a related note, it really is pretty silly as well that there is SMTP in addition to IMAP; in the future, the client-to-server protocol might well just be simple IMAP (with an "outgoing" folder), and there can be a separate server-to-server protocol like the one described above.
  • by Animats (122034) on Friday June 02, 2006 @01:05PM (#15455398) Homepage
    The real problem is zombies, Windows PCs taken over by malware and used to host spammers. As long as armies of zombies exist, and can impersonate the owner of the computer, nothing will work. Charging for mail won't work because the zombies will spend their host's money. Source authentication won't help because the zombies will use their host's identity. Until the armies of zombies can be slain, we cannot win.

    But the zombies are vulnerable. The lamest Windows OSs, the DOS/Win95/98/ME family, are slowly dying off. XP is at least potentially fixable, and Vista is much tighter.

    We've made real progress. It's tough to send spam today without committing a felony. Spammers are routinely going to jail. Spam as a means of even vaguely legitimate marketing is dead. Spam-friendly hosting is getting harder to find. Ironport gave up selling its "spam cannon" rackmount spam sender. Spam filtering is better than ever. Spammers have been reduced to using zombies because anything more direct gets them hammered.

  • by Have Blue (616) on Friday June 02, 2006 @01:21PM (#15455552) Homepage
    Your company advocates a

    (X) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    (X) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    (X) It will stop spam for two weeks and then we'll be stuck with it
    (X) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    (X) Requires immediate total cooperation from everybody at once
    (X) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    (X) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    (X) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    (X) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    (X) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Extreme stupidity on the part of people who do business with Microsoft
    ( ) Extreme stupidity on the part of people who do business with Yahoo
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    (X) Outlook

    and the following philosophical objections may also apply:

    (X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    (X) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    (X) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid company for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
  • by jrifkin (100192) on Friday June 02, 2006 @01:33PM (#15455650)
    What makes Spam and Malware unmanagable is the sheer number of vulnerable and hacked systems.

    When vulnerable boxes disappear, the bad guys would have little ammunition. My guess is that over
    time, as computing matures and our OSes stabilize, security holes will be plugged faster than they
    are created. When that happens, vulnerable boxen will become rare, and the bad guys will find it
    harder and harder to send Spam and Malware with impunity.

    And then the rainbows will soar and unicorns will return.
  • by Wesley Everest (446824) on Friday June 02, 2006 @02:31PM (#15456313)
    I'm all with you about needing a secure alternative, but then I hear stuff about mandatory ID, etc.

    Corporate whistleblowers, Chinese democracy activists, union organizers, etc. all have a legitimate reason to want to be able to send an email without it being traced back to them. How do we support that without opening the floodgates for spam/phishing/etc?

    Essentially, I should be able to somehow generate an ID, where I am the only one that can connect the ID to my person. At the same time, if I send an email, my recipient will receive it - they will be aware of the fact that the email is from someone who is hiding their personal identity, but some other form of information will be connected with that ID that shows that the email can be trusted more than some bulk-mailed viagra ad. Ideally the system would not require human intervention to screen. For example, maybe the ID is such that it requires 1 week of CPU-time to generate, and the encryption method has a secure method for storing the total number of emails sent using the ID.

    This way, a spammer would have to have acess to a million machines for a week to be able to send 10 million emails with a ID that has a count of less than 10.

    On the receiver end, they would get the email, and it would be flagged as unsolicited and anonymous, but they would know that I've only sent 5 other emails with the same ID and that the ID was difficult to obtain.

    The basic idea is that with each email you receive, there would be a set of information that you are guaranteed to know about the sender, with some of it optional. The email reader would only accept mass emails from trusted known IDs, but non-mass emails could come from anonymous IDs.

    Another possibility would be some form of trusted anonymous emails. Without further external knowledge, a single message from that ID would not be trusted, but it would be possible for an ID to create some form of trust structure. For example, imagine you anonymously donate $100 to some charity, using the ID. Then you send an email using that ID to people who respect that charity. The message header would include information that would allow automatic verification that the same ID was used for the donation and the email. The receiver would then be fairly certain that the message was not spam, but they couldn't trust it enough to give out their credit card number or other info.

    Anyway, this is the sort of thing I'm thinking of - decentralized, and secure in the sense that the sender and receiver can in some secure way communicate a level of trust to each other without outside interference or exposure.

I am the wandering glitch -- catch me if you can.

Working...