JULY 2003

Spam Destroys the E-Mail Standard

One of the best things about e-mail is the idea that anyone can send a message to anyone at virtually no cost. Unfortunately, this leads very quickly to one of the worst things about e-mail, which is that a few thousand people all over the world can send you millions of messages that you don’t want and couldn’t possibly find time to read. These rogue e-mail messages, popularly known as spam, already vastly outnumber the legitimate e-mail messages that people write and send. Worse, the volume of spam is increasing exponentially, and it is just a matter of time before spam completely overwhelms the e-mail system.

Too much attention is being given to stopgap measures that ultimately cannot solve the spam problem. Putting spammers in jail and trying to filter messages as they pass through e-mail servers take a lot of work and may buy the current system only a few extra weeks. Worse, these measures do little to prevent a possible future use of spam by military or criminal groups to disguise their activities for a brief time by disrupting communications. The only solution, ultimately, will be to abandon the current e-mail protocol and replace it with something more controllable.

The fundamental flaw in the current e-mail protocol is the way it treats senders, the machines and people who send e-mail messages. In security terms, the e-mail system treats senders as anonymous and trusted. If you want to send an e-mail message, the e-mail system lets you tell it what to do, and it doesn’t really ask who you are. This is the equivalent of leaving the car doors open and the keys in the ignition. We learned very quickly that that approach doesn’t keep cars safe, and it won’t work with e-mail either.

I hope engineers are already at work on a new e-mail system with a new protocol that gives greater control to the recipients of e-mail than to the senders. This new approach might seem backward if you think of e-mail as the equivalent of the interoffice mail that e-mail was originally based on, with messages going from one person to another. It is still true that most messages are sent to people. But the senders of most e-mail messages today are not people at all. Most messages now come from machines owned, broken into, or otherwise controlled by criminal enterprises. We cannot, for long, let the machines of organized crime rule our electronic communication. It should be the people who receive the messages who call the shots in an e-mail system, and it will take a new e-mail protocol to make that possible.

