Don't believe me? 467,000 Googlepoints can't be wrong. So it's not just me I guess.
I just got a bounced message that was some spam. I look a little closer to find that someone out there is using one of my e-mail addresses as the FROM address for their spam! They aren't relaying it from my server-- they couldn't do that, but there's nothing to prevent ANYONE from sending an e-mail in someone else's name. Now to a technically educated person, it's easy to find out if it really came from me or not, but to most people it looks as if I'm blatantly spamming people.
That's the short version of this post. To get my full opinion, keep reading...
Ok-- let's delve into the reasons why email sucks.
Well, it's fresh on my mind so it's my first point. I can send out an email from email@example.com to firstname.lastname@example.org or whomever I please. There's no way to enforce the "From" field with the email protocol/standard that is in use today.
From Address is Optional
Forget impersonation-- the From address isn't required at all.
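The check a technically minded recipient can make on such a message, as an added example (not code from the original post): it compares the From header with the envelope sender and with the peer IP recorded by the receiving server. The sample messages, addresses and the `sender_ips` input are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(value):
    """Domain part of an address header, lower-cased, or None if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None

def assess_sender(raw, sender_ips):
    """Return reasons not to take the From header of `raw` at face value.

    sender_ips: IPs known to send mail for the From domain (assumed input).
    """
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From"))
    if from_dom is None:
        findings.append("no usable From header")
    env_dom = domain_of(msg.get("Return-Path"))
    if from_dom and env_dom and from_dom != env_dom:
        findings.append(f"From domain {from_dom} differs from envelope domain {env_dom}")
    # Only the topmost Received header was written by the recipient's own
    # server; the bracketed IP in it is the peer that really connected.
    received = msg.get_all("Received") or []
    peer = re.search(r"\[([0-9A-Fa-f.:]+)\]", received[0]) if received else None
    ip = peer.group(1) if peer else None
    if ip not in sender_ips:
        findings.append(f"delivered by {ip}, not a known host for the From domain")
    return findings

# Constructed samples (documentation addresses and domains).
GENUINE = """\
Return-Path: <me@example.com>
Received: from mail.example.com (mail.example.com [192.0.2.25])
 by mx.recipient.test with ESMTP; Mon, 7 Jan 2002 10:00:00 -0500
From: Me <me@example.com>
Subject: Lunch?

See you at noon.
"""
SPOOFED = (GENUINE.replace("Return-Path: <me@example.com>", "Return-Path: <bulk@mailer.invalid>")
           .replace("[192.0.2.25]", "[203.0.113.77]"))
NO_FROM = SPOOFED.replace("From: Me <me@example.com>\n", "")
```

Headers below the topmost Received line are supplied by the sending side and can be forged, which is why the check reads only the first one.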
A spammer can sometimes connect to an email server he/she doesn't own and use it to send out their spam. Mail servers can be configured to prevent this and fortunately more and more are stopping this practice, but there are still plenty of open relays out there.
Problem: Spam in General
I get far more spam than I get personal email. For every piece of personal email I probably get 2 or 3 pieces of spam. That's just not right. It's gone far beyond being a nuisance-- it's an epidemic that is costing everyone a lot of money (the European Union estimated as recently as last year that it's an 8 billion dollar problem-- annually!). It wastes time to download and delete those messages and it wastes bandwidth and clogs networks and mail servers in the process.
Once upon a time, you could imagine that someday the spam problem would eventually go away-- people would figure out that spam just doesn't work. But I think by now most people realize that spam is here to stay, unless things change.
Problem: Email-Borne Viruses
Most everyone has gotten one or a hundred of these. Hopefully you haven't been a victim of one, using your computer to send out more copies of itself or worse, doing real damage to your files. Here's another email related problem that is costing billions. Some of the most effective email viruses are self-propagating--they're called 'worms' and can send themselves to your friends and co-workers after they've infected your computer. A single worm can spread very quickly infecting millions of computers and can cost billions in bandwidth, clean-up costs and lost time.
Problem: Annoying Forwards from Friends
This is a pet peeve, not really a serious problem I suppose. But I hate getting something that's been forwarded a hundred times over. Things like hoaxes (remember the Halloween mall terrorist threat or "Bill Gates will pay you $1 for every person you send this email to!"?) and chain emails (send this to 5 of your friends or you will be cursed!) are the worst.
Solving the Problems-- A Smart Email Client
So the fact of the matter is that 'free' email is not really free. In fact, it costs a lot of money. Maybe not to you personally, but it affects your ISP, your employer, your government (and you effectively since you probably pay taxes to the government). So let's consider a solution to all of the above problems. I think it can be done with a smart email client.
Solution: Built-in Spam Filtering
A product I use at home is SpamKiller-- it's a spam filter that does a pretty good job identifying spam by a series of rules, and you can keep the filter rules up to date. SpamKiller also lets you send constructed 'bounce-back' messages to the spammer to make it look like your email address is invalid. And it offers a 'report abuse' feature where it can send a complaint message to what it determines to be the email administrator or complaint email address of the server that the spam came from.
The smart email client would have similar filters and features in place, but the primary line of defense would be that of trust.
Solves: Lack of 'From' address, majority of spam.
If you can trust someone, you shouldn't have any problems receiving email from them. By default, your smart email program doesn't trust anyone. You have to tell it who you trust. Perhaps you tell it that everyone in your address book is to be trusted-- that will take care of most of your personal email. So what happens if someone you don't trust sends you an e-mail? Well, it gets sent right back to them with a message like this (you'd be able to customize this):
your email address is not recognized.
To request authorization for emailing to email@example.com,
please reply to this automated message and provide the
Your full name
Upon receipt and acceptance, your original email will be
received-- you do not have to re-send your original message.
Apologies for any inconvenience.
So the person that sent you the email gets this response and if they are trying to reach you, they will respond and their response will become an authorization request-- a special message that you can review or reject. (By the way, the message above would be programmatically signed in such a way so that two smart email programs wouldn't spark an infinite loop of rejecting messages to each other.) The original email that your smart email program rejected has been preserved for a time in case you do authorize that person. Upon authorization, the email will be placed into your Inbox. The trust system can also be used to identify people who violate their trust by sending you chain emails and the like-- simply change their level of trust so their emails can be marked appropriately.
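One way the hold, challenge, authorize and release flow above could work, including the guard that keeps two smart clients from challenging each other forever (an added example, not code from the original post). The `X-Challenge-Token` header, the class and method names, and the use of an HMAC plus an `Auto-Submitted` marker as the "signature" are assumptions of this sketch.

```python
import hashlib
import hmac
from email.message import EmailMessage
from email.utils import parseaddr

class SmartInbox:
    """Toy trust filter. The X-Challenge-Token header name is hypothetical."""
    def __init__(self, owner, key, trusted=()):
        self.owner, self.key, self.trusted = owner, key, set(trusted)
        self.inbox, self.held, self.requests = [], {}, set()

    def _token(self, sender):
        return hmac.new(self.key, sender.encode(), hashlib.sha256).hexdigest()

    def receive(self, msg):
        """File one message; return a challenge to send back, or None."""
        sender = parseaddr(msg["From"] or "")[1].lower()
        if sender in self.trusted:
            self.inbox.append(msg)
            return None
        # Loop guard: never answer an automated message with a challenge.
        if not sender or msg.get("Auto-Submitted", "no") != "no":
            return None
        token = str(msg.get("X-Challenge-Token", ""))
        if hmac.compare_digest(token.encode(), self._token(sender).encode()):
            self.requests.add(sender)  # valid reply; the owner still decides
            return None
        self.held.setdefault(sender, []).append(msg)  # preserve the original
        challenge = EmailMessage()
        challenge["From"], challenge["To"] = self.owner, sender
        challenge["Subject"] = "Authorization required"
        challenge["Auto-Submitted"] = "auto-replied"
        challenge["X-Challenge-Token"] = self._token(sender)
        challenge.set_content("Reply to this message to request authorization.")
        return challenge

    def approve(self, sender):
        """Owner accepts a request: trust the sender, release held mail."""
        if sender in self.requests:
            self.requests.discard(sender)
            self.trusted.add(sender)
            self.inbox.extend(self.held.pop(sender, []))

def mail(sender, to, token=None):  # builds a constructed test message
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, to, "hi"
    if token:
        m["X-Challenge-Token"] = token
    return m
```

Because the token is keyed to the claimed sender address and the challenge is mailed to that address, a reply carrying a valid token shows the requester can read mail there; someone merely forging the From line never sees the token.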
Untrusted messages that get trashed should be shown in plain text if viewed-- viewing an HTML email from a spammer can 'phone home', telling the spammer that their message got through.
Microsoft should implement these trust features right away-- it would really help their new 'Trustworthy' campaign.
Solves: Impersonation, lack of 'From' address, any spam that escapes the spam filter, emails from friends that forward annoying messages can be marked for closer scrutiny.
Solution: NO Scripting
I don't think there is any reason to have any form of scripting in an email message. Hyperlinks can always take you to a web site. When was the last time you emailed someone a scripted application? Scripting is only used by two groups of people: spammers and virus writers. The enemy. So take their most powerful tool away from them. Scripting must go.
Solves: email viruses that utilize scripting techniques.
Solution: Antivirus Software
Aside from the smart email software, you really need a good antivirus package. It will prevent any virus you might receive from someone or from some web site from wreaking havoc on your system-- or worse-- damaging others on your network-- or even worse-- sending copies of itself by email to your friends and family. Today's antivirus software can even scan the email messages you receive. Just make sure you keep it up to date because new viruses appear daily.
Solves: email-borne viruses
Solution: Smarter ISPs and Email Postmen
Mail server administrators really need to disable the relaying features on their servers. That capability allows spammers to hide their tracks. Once relaying is stopped, it will be easier to identify the ISPs that are really the sources for spam. Once they can be identified action can be taken. Better yet-- how about a Sendmail that turns open relays off by default or Linux server distributions that disable open relays in their default mail configurations?
Solves: relaying and the wasted bandwidth it causes when abused by spammers.
Is it Fixed Yet?
So what issues have we solved? Most if not all of them. It might not be a 100% solution, but I'd settle for 99% and wade through the occasional forwarded spam message I get from trusted friends.
Perhaps a better approach to solving email is to define an entirely new mail protocol and wait for everyone to adopt it. It may happen some day, but in the meantime, we can solve these problems if we're smart about it.
Email is perhaps one of the killer apps of the 20th century, but now it's really killing us. I think "Smart" email software is a killer app for the 21st century.
- You've Got Junk Mail, St. Petersburg Times, March 5, 2001
- Spam feeding anger on Internet, Chicago Tribune, January 7, 2002
- Code Red worm has cost $1.2 billion so far - study, Infoworld, August 1, 2001
- SpamKiller, Novasoft
- Spam Buster, ContactPlus Software
- Coalition Against Unsolicited Commercial Email