Journal ancientt's Journal: Email can and must be fixed 3
Email has a problem: spam.
More than 97% of all e-mails sent over the net are unwanted. You don't see most of them because they're filtered out (mostly) by Microsoft or your ISP or whatever, but they're there, sucking your money in development costs that are passed on to you when you pay for Internet service or for software.
You pay when you buy software, you pay when you pay for Internet service, you pay when you see far more advertisements than you need to for "free" email service. If you carefully minimize all possible costs, you still pay in lost opportunities as smart people who could be building better things are bogged down writing new tools to block spam.
Maybe you don't want to pay for the privilege of not getting 97% of the email sent to you, but that's the way it works, you don't want junk and there is no way for your computer to tell if you really want email so lots of money gets spent (on your behalf, costs passed on to you, thank you very much) to keep you from getting it.
Why, oh why must it be this way? Well, email is broken. It was built in a time when people trusted everyone using email to be respectable and act maturely. Yeah, it was *that* long ago.
Email servers accept email that has a valid destination. Email servers don't have a way of validating the sender, so servers are usually set to accept only mail that they are authorized to pass on. If you send an email to someone at Yahoo for example, your ISP takes your email and hands it off to a server designated by Yahoo to accept mail for it's customers. (Any server can accept any email, and servers used to accept mail that wasn't necessarily for their own customers, but this is called "open-relay" and is bad because it allows spammers to send lots of email, "bad" barely begins to cover it.)
Your server can't reject email that doesn't come from respectable people because there is no way to tell the good guys from the bad guys. The rules that determine how email has to work do not allow for any method of authenticating the sender. If you read a little, you can send an email that says it is from George Washington, Bill Gates, the president or your governor and there is no way to tell it wasn't.
"Email should validate the sender" seems a reasonable response, but if it tries to do that, then it breaks the rules (RFC) that everyone agrees on and then practically no email gets delivered which kind of defeats the whole purpose of email.
It is kind of a chicken and egg thing, if you set up your server to verify senders, then most email doesn't get through. If you don't, then anyone can send spam.
The rules don't allow for authenticated email, so the solution is to change the rules. If the server your email comes through changes the rules alone, then you stop getting email, but if every server starts giving preference to a new set of rules, then it can change over a couple years.
It is common to see people write steps with "???" as the third step and "profit" as the fourth step, but I will knowingly ignore that cliche. It is common to see people whip out the "reasons your proposal to fix email will fail" checklist, and I will knowingly ignore that too. If you're thinking of either one, please consider that I've already pondered them as well.
Steps:
- Write and get accepted a new RFC for email which includes a sender verification system. I will refer to this RFC as Email 2.0, but the name is not really important. There are a couple key points that must be built into the RFC:
* ISPs must have a method of determining who the real sender was and shutting down spammers.
* Email 2.0 must allow anonymous email without allowing it to be untraceable.
* It must be "free" to consumers, costs can be tied to voter's registration, or driver's licenses, social security numbers, employment or postal service but these are just possibilities not requirements (I can detail a potential system, even write the software for it and may be contacted if needed for this endeavor, but there are many bright minds that could be set the task.) - Governments and major corporations must implement Email 2.0, setting dates a few years in the future, one date when all email servers will give preference to Email 2.0 and a second date when no email which does not adhere to Email 2.0 will be rejected
- International email must either use Email 2.0 or be relayed from governmental servers which then have the onus of policing themselves or be responsible for having their countries' email blocked
Email can continue in the war between spammers and spam blockers. While it does, you and I are paying for it. If we must pay, let us pay for something worthwhile. I would rather pay the hidden costs for Email 2.0 than the hidden costs that come with hoping that my software and service providers are winning an escalating spam war.
Change the rules.
Should I pull up the form? (Score:2)
For now:
Write and get accepted a new RFC for email which includes a sender verification system.
What's the mechanism? How can you verify a sender?
* ISPs must have a method of determining who the real sender was and shutting down spammers.
In other words, you're trusting ISPs.
* Email 2.0 must allow anonymous email without allowing it to be untraceable.
Except that if it's not untraceable, it's not anonymous, either.
* It must be "free" to consumers,
In the way that Gmail is now?
costs can be tied to voter's registration, or driver's licenses, social security numbers,
So much for anonymity.
Governments and major corporations must implement Email 2.0, setting dates a few years in the future, one date when all email servers will give preference to Email 2.0 and a second date when no email which does not adhere to Email 2.0 will be rejected
Good luck with that. We can't even agree when to migrate to ipv6, which everyone agrees is a marked improvement.
International email must either use Email 2.0 or be relayed from governmental servers which then have the onus of policing themselves or be responsible for having their countries' email blocked
And how do you know it's a governmental server?
I would rather pay the hidden costs for Email 2.0 than the hidden costs that come with hoping that my software and service providers are winning an escalating spam war.
Well, I have a filter right now which works very, very well. It costs me additional bandwidth, and that's really it.
Re: (Score:2)
What's the mechanism? How can you verify a sender?
Verification of sender is already done with authenticated SMTP. We use Microsoftonline at work, and before that used LiveOffice a
Re: (Score:2)
Verification of sender is already done with authenticated SMTP. We use Microsoftonline at work, and before that used LiveOffice and before that hosted our own server, and all have the option to require authentication for sending mail. GMail offers the same.
In other words, an individual SMTP server can identify senders. That doesn't really solve the problem as long as we allow just anyone to set up an SMTP server -- but that decentralization of power is one of the great strengths of email.
the server that accepts the initial email also bears the responsibility of being able to stop accepting mail from a specific account, be it individual account holder or the third computer in the second row at the local library. The repercussion is that others can and will block the server if it fails to do so. Most US servers, not just the ones I used as examples, already have this ability, I am just recommending it be formalized.
In other words, this particular part of your proposal isn't really suggesting anything new, or anything that changes SMTP. But it's looking like I do have to go to the form:
Specifically, your plan fails to account for
(X) Armies of worm riddled broadband-connected Windows boxe