Kelly Martin, 2006-05-30
Kelly Martin takes a step back from e-mail's unstoppable phishing-virus-spam epidemic and imagines a world where secure e-mail could be the next big killer app.
Colapse all |
Post comment
Abandon e-mail!
2006-05-31
Anonymous (6 replies)
Anonymous (6 replies)
Re: Abandon e-mail!
2006-05-31
Anonymous
Anonymous
From my understanding the base-64 encoding used in modern email is a dirty hack to make RFC-821 actually support anything more than ASCII text. Unfortunately that makes the encoded output only about 74% space efficient on average. Is it not time we revisited the whole encoding scheme?
...
[ more ] [ reply ]
...
[ more ] [ reply ]
Re: Abandon e-mail!
2006-05-31
Paul
Paul
I agree. I engineer solutions based on existing anti-spam / anti-virus / encryption technologies, all seamless, all invisible to the users, all those good things. As long as users remain users and there is profit motive behind spamming or other malevolant use of email, there will be a way found to p...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Abandon e-mail!
2006-05-31
Anonymous
Anonymous
I think this comment misses the point somewhat - the current crop of 'secure e-mail' plug-ins are little mosr than dirty hacks. The underlying system is still open, and can be readily abused regardless of what content layer protection is applied to the bodies of messages.
Products like PGP offer ...
[ more ] [ reply ]
Products like PGP offer ...
[ more ] [ reply ]
Re: Abandon e-mail!
2006-05-31
J
J
YOU can do all that, but your father, grandmother, and company CEO can't, and can't be bothered to learn how. Getting normal end users to give security a second thought is like pulling teeth. With the current system, adding onto it just "adds steps" and "makes things confusing" to the average end ...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Abandon e-mail!
2006-07-27
Anonymous
Anonymous
I can imagine yourself sitting on your desk working in the security environment .. blaming the 'normal' users of the internet for the current problems we have.
It is very true that if everyone would first check where the emails came from, blocked abusing emails from senders, wouldn't use any of the...
[ more ] [ reply ]
It is very true that if everyone would first check where the emails came from, blocked abusing emails from senders, wouldn't use any of the...
[ more ] [ reply ]
Rubbish! What are the probIem ISSUES ????
2006-05-31
Dom De Vitto (1 replies)
Dom De Vitto (1 replies)
What rubbish.
The problems with email focus around sender authentication, which has a dozen or so simple, proven protective measures.
Take SFP for instance, which could eliminate SPAM when combined with some simple rules to define the level of "trust" for sending domains.
People have considered...
[ more ] [ reply ]
The problems with email focus around sender authentication, which has a dozen or so simple, proven protective measures.
Take SFP for instance, which could eliminate SPAM when combined with some simple rules to define the level of "trust" for sending domains.
People have considered...
[ more ] [ reply ]
Re: Rubbish! What are the probIem ISSUES ????
2006-06-01
Jeff H (1 replies)
Jeff H (1 replies)
SPF as it is correctly acronymised does not solve all issues.
Firstly it is a network protocol, it does not authenticate that I sent an e-mail, only that someone on my domain did.
Secondly, neither it nor in fact signing cope well with portable e-mail addresses. If I use a forwarder as a From ...
[ more ] [ reply ]
Firstly it is a network protocol, it does not authenticate that I sent an e-mail, only that someone on my domain did.
Secondly, neither it nor in fact signing cope well with portable e-mail addresses. If I use a forwarder as a From ...
[ more ] [ reply ]
Re: Re: Rubbish! What are the probIem ISSUES ????
2006-06-01
Anonymous (1 replies)
Anonymous (1 replies)
We already have that. It's called an x.509 certificate, and many e-mail clients today support it's use automatically (certainly Outlook Express, Outlook and Thunderbird do). It's completely portable, tied to the person and not the ISP or e-mail address, and not tied to any one vendor's software.
...
[ more ] [ reply ]
...
[ more ] [ reply ]
Re: Re: Re: Rubbish! What are the probIem ISSUES ????
2006-06-06
Jeff H (1 replies)
Jeff H (1 replies)
True, X.509 does provide a form of identity, if specified correctly. However, you point out yourself that the problem is trust.
Simply pointing to a protocol or standard and saying 'here, we have all these solutions' isn't enough if the infrastructure that supports them doesn't work or can't be t...
[ more ] [ reply ]
Simply pointing to a protocol or standard and saying 'here, we have all these solutions' isn't enough if the infrastructure that supports them doesn't work or can't be t...
[ more ] [ reply ]
The real problem with X.509 is...
2006-06-08
Roger (1 replies)
Roger (1 replies)
It falls between two stools of being too expensive for most home users to buy one (so 99.7% of my regular correspondents don't have a CA validated cert.), and yet too cheap to issue properly (so several % of CA issued certs weren't properly validated anyway).
If we make it cheap and easy enough s...
[ more ] [ reply ]
If we make it cheap and easy enough s...
[ more ] [ reply ]
Re: The real problem with X.509 is...
2006-06-20
Anonymous
Anonymous
Mayby you should take a closer look at the Danish model, where the goverment has been offering free X509 certificates, and all public services in Denmark are running a system, that can recieve and send encrypted and signed messages. I have been working on a lot of these projects and have been develo...
[ more ] [ reply ]
[ more ] [ reply ]
Abandon e-mail!
2006-05-31
Kevin Black (1 replies)
Kevin Black (1 replies)
As I see it the messaging infrastructure is here to stay. The uphill battle trying to change this will be near impossible and the opportunity for abuse by patent holders and such with a new system is too great.
There are two issues with e-mail. E-mail is not secure and there is no standard wides...
[ more ] [ reply ]
There are two issues with e-mail. E-mail is not secure and there is no standard wides...
[ more ] [ reply ]
Re: Abandon e-mail!
2006-06-01
PDC (1 replies)
PDC (1 replies)
The poster is correct, to a point. There does need to be some international identification scheme if we decide that we actually need a trusted e-mail system.
However, the postal mail system has existed and worked perfectly well for many, many years with absolutely no attempt to engineer in a send...
[ more ] [ reply ]
However, the postal mail system has existed and worked perfectly well for many, many years with absolutely no attempt to engineer in a send...
[ more ] [ reply ]
Re: Re: Abandon e-mail!
2006-07-12
Anon
Anon
PDC,
In my opinion the analogies that you draw on in your post seem overly generalized. For example, you say that we use the postal mail system without attempting to use a sender authentication system--even though bad things are sent through postal mail.
While this is true, there are other dif...
[ more ] [ reply ]
In my opinion the analogies that you draw on in your post seem overly generalized. For example, you say that we use the postal mail system without attempting to use a sender authentication system--even though bad things are sent through postal mail.
While this is true, there are other dif...
[ more ] [ reply ]
Abandon e-mail!
2006-06-01
Anonymous (1 replies)
Anonymous (1 replies)
As if ... I was discussing with a friend this afternoon just some of the issues you raise. Along with this we were discussing the problems people have with the way the simple mail system has become distorted by html based mail and the problems people have with forwarding the new complex mail struct...
[ more ] [ reply ]
[ more ] [ reply ]
Abandon e-mail!
2006-06-01
Erik N
Erik N
There is no way you can get rid of the spam/scam problems when you want to enable users unknown to eachother to establish a communication. At least not unless you add a cost. Your own idea won't work as long as spammers can get hold of large bot nets where each host will only send 1000 mails.
May...
[ more ] [ reply ]
May...
[ more ] [ reply ]
Abandon snail-mail!
2006-06-01
Phlash (1 replies)
Phlash (1 replies)
Interesting article Kelly, a similar situation of course exists with snail mail, 90% of which can be junk mail (isn't snail mail where the term came from?).
In this case however, there are some deterrents to the spammers: in the UK we have the Mail Preference Service (http://www.mpsonline.org.uk)...
[ more ] [ reply ]
In this case however, there are some deterrents to the spammers: in the UK we have the Mail Preference Service (http://www.mpsonline.org.uk)...
[ more ] [ reply ]
Re: Abandon snail-mail!
2006-06-01
Anonymous (1 replies)
Anonymous (1 replies)
We talk about the fact that people won't pay for email. What about a system where you pay a tiny fee (1 penny) for each person the email is sent to and when you read the email you receive that same payment.
The average person probably sends and receives about the same number of emails once you take...
[ more ] [ reply ]
The average person probably sends and receives about the same number of emails once you take...
[ more ] [ reply ]
Re: Re: Abandon snail-mail!
2006-07-12
Anon
Anon
That's an entertaining idea and almost crazy enough to work. The main problem I see with it, besides being virtually impossible to get it adopted, would be how to enforce it. We already have the problem that it is difficult to tell for sure where an email is coming from--hence the problems with phis...
[ more ] [ reply ]
[ more ] [ reply ]
Um, I Have Your Solution
2006-06-01
Reynolds Kosloskey (3 replies)
Reynolds Kosloskey (3 replies)
Yes, that's right. I have an email box that now receives less than 1 spam every week or so. I used to have over 200 per day.
The same goes for my wife. No, we do not have to *pay* for email or require those sending to us to pay a fee. We do not use bay filtering, or fuzzy logic mechanisms. W...
[ more ] [ reply ]
The same goes for my wife. No, we do not have to *pay* for email or require those sending to us to pay a fee. We do not use bay filtering, or fuzzy logic mechanisms. W...
[ more ] [ reply ]
Re: Um, I Have Your Solution
2006-06-01
kwesi (1 replies)
kwesi (1 replies)
Simplicity is often overlooked my the masses.
Your suggested solution would work however most people use web based email and as such rely on their email service providers to filter out the junk mail. Although the main reason that spam and other threats to e-mail continue is due to the trait shar...
[ more ] [ reply ]
Your suggested solution would work however most people use web based email and as such rely on their email service providers to filter out the junk mail. Although the main reason that spam and other threats to e-mail continue is due to the trait shar...
[ more ] [ reply ]
Web Based Email
2006-06-01
Reynolds Kosloskey
Reynolds Kosloskey
Merak Mail Server is an example of a web server that utilizes Challenge/Response. Cashette is a free web-based email service with 100MB of storage and Challenge/Response. SystemLogix "Anti-Spam" supplies add-ons to SendMail Server (popular smtp pop server) enabling Challenge/Response (they call it...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Um, I Have Your Solution
2006-06-02
Mr. Mail
Mr. Mail
this works as far as protecting your personal e-mail box. I'd find it impractical to have 'spam' mail binned and discarded because my contacts (which may be customers !!) forgets/refuses to send the response mail to my challenge.
This problem should be handled on the server and abstract users & ...
[ more ] [ reply ]
This problem should be handled on the server and abstract users & ...
[ more ] [ reply ]
Re: Um, I Have Your Solution
2006-07-12
Anon
Anon
I think that the challenge-response idea is certainly useful, but I do not think it is necessarily an end all solution.
I for one receive emails from an automated scripts that cannot be replied to, yet it is imperative that I receive these emails. An example that comes to mind is from the Univer...
[ more ] [ reply ]
I for one receive emails from an automated scripts that cannot be replied to, yet it is imperative that I receive these emails. An example that comes to mind is from the Univer...
[ more ] [ reply ]
Abandon e-mail!
2006-06-01
Paul Kosinski (1 replies)
Paul Kosinski (1 replies)
What would be very helpful is for all SMTP relays to eventually adopt one of the (open and free) protocols on top of SMTP that requires the sending host of each SMTP relay to perform a non-trivial computation, like the computationally intensive "Hashcash" (http://www.hashcash.org/) for each recipien...
[ more ] [ reply ]
[ more ] [ reply ]
Abandon e-mail!
2006-06-01
JeHicks
JeHicks
I think your article is brilliant, right on the spot.
I spend all day using email as i work for a major blue chip company in Bristol and it is useless. I would like to see read reciepts as standard in a new mail protocal, just like SMS delivery reports are available to almost all.
Also direct...
[ more ] [ reply ]
I spend all day using email as i work for a major blue chip company in Bristol and it is useless. I would like to see read reciepts as standard in a new mail protocal, just like SMS delivery reports are available to almost all.
Also direct...
[ more ] [ reply ]
Abandon e-mail!
2006-06-02
Brush-Head
Brush-Head
What about X400? Proven security etc the only thing thats reduced (or even killed it off completely) except for the military and other secure areas was the cost of maintaining it - and therein lies another solution.
I don't normally like to agree with his Gateness, but I think his idea of making it...
[ more ] [ reply ]
I don't normally like to agree with his Gateness, but I think his idea of making it...
[ more ] [ reply ]
Treat the patient, not the disease
2006-06-02
Rumith
Rumith
AFAIK, the lion's share of spam and other nuisance doesn't come from powerful servers on the crossroads of the Web. Nor it comes from the machines legally belonging to those who earn on spam. It comes from infected MS Windows-operated computers. A year ago I would say that there were two possibil...
[ more ] [ reply ]
[ more ] [ reply ]
A bottin
2006-06-02
lucmars
lucmars
Don´t think that is a matter of technology in first. What´s the difference with your real mailbox and even your phone number through which you can be sollicited ?
One better have to rise a bottin or a directory and one opts to let appear the address or not.
Then, the technology can bring somethi...
[ more ] [ reply ]
One better have to rise a bottin or a directory and one opts to let appear the address or not.
Then, the technology can bring somethi...
[ more ] [ reply ]
Interesting article, but bad wording and (somwhat) wrong sort of solution
2006-06-02
Anonymous
Anonymous
I find the article interesting because I've been thinking along much the same lines recently. However, there are two things that I strongly disagree with in the article.
The first is that we shouldn't talk about abandoning e-mail. That's nonsense. E-mail is just a way of delivering messages from ...
[ more ] [ reply ]
The first is that we shouldn't talk about abandoning e-mail. That's nonsense. E-mail is just a way of delivering messages from ...
[ more ] [ reply ]
Abandon mail, too?
2006-06-02
Anonymous
Anonymous
"And email is a terrible mess. It's dangerous, insecure, unreliable, mostly unwanted, and out-of-control. It's the starting point for a myriad of criminal activity, banking scams, virus outbreaks, identity theft, extortion, stock promotion scams, and of course, the giant iceberg of spam."
Sounds ...
[ more ] [ reply ]
Sounds ...
[ more ] [ reply ]
Abandon e-mail!
2006-06-02
Anonymous (1 replies)
Anonymous (1 replies)
As the owner of a legitimate autoresponder service that used double-optin lists in full CAN SPAM compliance, I am now having to close down my business.
Why? Simple - the major ISPs are simply dumping what they consider to be bulk email. No bounce messages, just dump it all.
The sender, of co...
[ more ] [ reply ]
Why? Simple - the major ISPs are simply dumping what they consider to be bulk email. No bounce messages, just dump it all.
The sender, of co...
[ more ] [ reply ]
Re: Abandon e-mail!
2007-07-25
Anonymous
Anonymous
Your insane buddy. The Big ISPS use black lists. We don't just dump email. We subscribe to blacklists of servers that are known to send out spam either to spam traps or other things. If your not getting email through and it just drops the problem is your probably on a black list and the ISP has chos...
[ more ] [ reply ]
[ more ] [ reply ]
You're crazy and uninformed!
2006-06-02
Anonymous
Anonymous
Now that we have that out of the way :)
The problem remains that the achilles heel of any such replacement system, much like the current one, will continue to be the typical user in all their glorious gullibility. Any enhancement to human communication in whatever form simply exacerbates this fun...
[ more ] [ reply ]
The problem remains that the achilles heel of any such replacement system, much like the current one, will continue to be the typical user in all their glorious gullibility. Any enhancement to human communication in whatever form simply exacerbates this fun...
[ more ] [ reply ]
Abandon e-mail!
2006-06-02
Anonymous
Anonymous
Great article. I wholeheartedly agreed. Except...
You write "I enjoy the thought of a spammer needing a giant Bewolf cluster ranked rather high up in the Top 500 ... list of supercomputers to send one piece of spam to ten million people." But what you didn't think about is _legitimate_ mass mail...
[ more ] [ reply ]
You write "I enjoy the thought of a spammer needing a giant Bewolf cluster ranked rather high up in the Top 500 ... list of supercomputers to send one piece of spam to ten million people." But what you didn't think about is _legitimate_ mass mail...
[ more ] [ reply ]
Abandon e-mail!
2006-06-05
ITDefpat
ITDefpat
Replace simple mail protocol with something simple
and ubiquitous
- like the web, webservices
maybe we already have the solution - an XML derivative
-provide a secure method of webmail (e.g. hushmail)
-combine with ws* security protocols - encrypt, -sign, authenticate through the path are a...
[ more ] [ reply ]
and ubiquitous
- like the web, webservices
maybe we already have the solution - an XML derivative
-provide a secure method of webmail (e.g. hushmail)
-combine with ws* security protocols - encrypt, -sign, authenticate through the path are a...
[ more ] [ reply ]
This is silly.
2006-06-06
Anonymous
Anonymous
Oh why thank you. And your proposed solution is what?
You completely discount the biggest problem with replacing e-mail with anything: 90% of the people on the internet don't know diddly. And those same 90% don't want anything to change. They spent lots of time and effort just to get to understan...
[ more ] [ reply ]
You completely discount the biggest problem with replacing e-mail with anything: 90% of the people on the internet don't know diddly. And those same 90% don't want anything to change. They spent lots of time and effort just to get to understan...
[ more ] [ reply ]
The final solution
2006-06-12
Anonymous
Anonymous
The ultimate problem with email is that some misguided soul responses. Without any response there would be no spam. Perhaps someone could generate 10's of millions of spam using one of many available sources and with the aid of an attractive site, (perhaps viagra that you get free with your low cos...
[ more ] [ reply ]
[ more ] [ reply ]
Abandon e-mail!
2006-07-01
Richard
Richard
I Asure you that the problem has been solved already a program with protocalls has already been written and is now being tested and after considerable testing will be released! I don't expect that this will be believed by abyone, but since the main issue is to get it away from the spammers the and a...
[ more ] [ reply ]
[ more ] [ reply ]
[ more ] [ reply ]