What is Digg?57 Comments
- djrtitan, on 10/12/2007, -1/+48Here's the link to the actual story: http://www.theregister.co.uk/2006/06/01/ditch_email/print.html
- lithite, on 10/12/2007, -3/+22Simply amazing. I think this is something that anyone with a little knowlege knew about. Certainly something needs to be done.
On a side note, I proposed something along the lines of scrapping SMTP to my model congress a few years ago. The class was an AP course and full of smart kids, but I dont think they got what I was saying. They thought it had something to do with censorship or something. Anyway, it failed. Important thing is, I think we all knew this was coming.
telnet server.com 25
helo
MAIL FROM:fakeemail@you.com
RCPT TO:rcptemail@gmail.com
message
.
Theres something not right about being able to do that. - Otto, on 10/12/2007, -0/+11Bah. The article is total nonsense. He goes on about security and encryption and so forth, and yes, all that should be fixed. A new protocol would let you do that.
But that has absolutely zero to do with his initial premise. He complains about viruses, and phishing, and spam... No amount of protocol engineering is going to fix those problems. Why? Simple: The system must be specifically designed to allow for those sorts of things, else it is not useful.
If I can't email somebody at random, if somebody can't email me at random, then where's the benefit of having the system at all? I mean, if I post my email address and somebody off the internet can't email me with just that, then posting my email address is entirely useless.
And if anybody can send me email, then so can spammers, phishers, etc.
Adding authentication and encryption and all the security you can dream up won't fix these problems, because they are not technical problems. They are human problems. Humans are scum. And as long as there's scum out there, there will be phishing and spamming and viruses propagated from person to person. A new protocol won't help a darned bit. - m242, on 10/12/2007, -0/+9
Your post advocates a
(X) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
(X) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
(X) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down! - nigel984, on 10/12/2007, -3/+10SMTP mail itself is not broken. It is broken by implementation!
SPF filtering works perfectly if implemented by system administrators. There are numerous other methods of achieving so called Email 2.0 but it all comes down to people adopting a unified method.
I think people have too much time on their hands... - SquirrelOnFire, on 10/12/2007, -3/+10Finally! All email will be done in AJAX...
- rhaikh, on 10/12/2007, -0/+7Quoted from the linked blog:
"To paraphrase that old adage about the weather, everyone complains about e-mail, but no one ever does anything about it."
Ok, so then we get to the real story... which contains...
Kelly Martin complaining about email, but not doing anything about it.
The suggestion given to stop spam is that all email should be heavily encrypted and thus require a lot of processing power to send a single message, therefore stopping mass emails. What about mailing lists? What about when processing power is unimaginably greater than it is today?
There's no answer here, just a lot of complaining about the weather. - Pile, on 10/12/2007, -4/+10It's not the protocol. No matter what protocol you use, there still needs to be a SYSTEM in place to authorize legitimate relays and distinguish them from rogue systems. Whatever protocol you use, spammers can just as easily adopt it, so the protocol is MOOT.
http://BSAlert.com/ - tempusrob, on 10/12/2007, -2/+8Erm, it's called Whitlisting, dude. Hardly anything new. But there exists a problem when one can spoof sender addresses, ya know?
- luke--, on 10/12/2007, -1/+7Somehow google has a magic spamfilter for gmail. I've recived maybe 1 spam in my inbox per month and about 334 total since I signed up about a year ago.
If google had some kind've a magic bullet for spam it would be great it if could get integrated into some kind've hardware spamfilter.
However, I doubt they have any such thing. - Otto, on 10/12/2007, -0/+5"Theres something not right about being able to do that."
With SPF implemented virtually everywhere now, you'll find that that no longer works. You can send it, it probably won't be received though. Not unless you control "you.com", that being the sender's domain name.
Try doing that with my SPF enabled domain name to an SPF enabled receiver, and you'll find that your faked email gets abruptly dropped by the receiving system. - thejadedmonkey, on 10/12/2007, -0/+4what happens when a spammer spoofs someone else's address, or even you@your_domain.com?
- luke--, on 10/12/2007, -1/+5This is on par with going from regular tv to hdtv. I think it will be a very long time until SMTP is replaced with something designed with all of the current spam nonsense in mind.
However, that day will be happy for the spam suffering - samdu, on 10/12/2007, -0/+4Configure your email client to only display (and send) plain text. No HTML, no Flash, no images, nothing'. Problem solved. Email was never meant for all of that other crap. That's what the web is for.
- SgnDave, on 10/12/2007, -0/+4"Layering protocols on top of one another is not the solution."
Spoken like someone who TRULY does not understand how computers are architected.
Layers are the fundamental strength of modern computing; they are critical to functionality and growth. The reason that the web works so well (along side of email, FTP, IRC, XMPP/Jabber, even *shudder* gopher) is that the entire internet's software did NOT have to be re-written to use it. The same thing for SMTP. Again, the key point is this: SMTP is not broken. What is broken is *how* people authenticate messages (viz., they don't). SMTP is a transport mechanism and nothing more. If someone calls you on the phone saying they are the bank, do you give up your account number immediately?
Arguing that SMTP should be replaced because of spoofing is like saying that HTTP should be replaced because of (web) phishing. (NB: phishing has been around since the advent of the touch-tone phone, for those who didn't know. We have yet to replace the telephone switch network because some people pulled a quick one over the phone.)
Note also, for those who obviously missed it, the "modest proposal" wording of the title... - darthmdh, on 10/12/2007, -0/+4Pile is 100% correct.
SMTP is not broken. It works perfectly fine. If anybody bothers to even read RFC2821/2822 you'll note that authentication is not within the scope of the protocol. If you want to authenticate the message delivered by the protocol, do it in the next layer up. How the heck is the mail server meant to know that the message is authentic? It's just a postal delivery van. There's been countless methods of authenticating mail messages that have been around for decades, eg PGP, that work perfectly fine and don't rely on needlessly messing with one of the Internet's fundamental operating protocols.
I'm really reminded of the classic Internet adage; "Those who don't understand Unix are doomed to reinvent it - poorly". s/Unix/SMTP/ - catpounce004, on 10/12/2007, -0/+3The guy makes suggestions that indicate he has only a basic knowledge of networking. He offers no firm foundation for the changes and more importantly, no real incentive. Looks to me like it's more of a complaint than a "proposal". Suggestions are nice, but a call to action with no firm plan is just hot air.
- Urusai, on 10/12/2007, -1/+4Gee, I wish I had that idea. Oh right, I had it years ago--because it's obvious.
- darthmdh, on 10/12/2007, -1/+4@thejadedmonkey
What happens is you look at the envelope headers and see the mail has been spoofed, same as you do now.
(Oh, you didn't know that the envelope sender & recipient is different to the message body header "To" "From" "cc" "bcc"? You have no right to talk about email...)
What's better is that you configure your SMTP server to automatically reject mail from obviously spoofed addresses. This dramatically cuts down on the amount of crap that ends up in your inbox. If the remote client does not talk SMTP correctly, reject them. If they say HELO or MAIL FROM a domain that doesn't exist, or don't specify a DNS-less IP correctly, or try to say they are you or an IANA reserved network, reject them. If they are sending RCPT TO a domain that doesn't exist or isn't one of yours, reject them. If they don't do ESMTP pipelining properly, reject them. If they're on your blacklist, reject them. If the message headers or body match certain regexps, or criteria as determined by an external content filter (eg, spamassassin, some virus scanner, etc) reject them.
On the client side you can do further filtering on a per-user basis during the mail retrieval stage before it ends up in their local inbox - this is where you would implement some kind of white/grey/blacklist system.
People new to the internet: we've been doing this for over a decade. Its not fancy, untested, or rocket science. Either catch up or stay the heck away from our network. - Outdoor83, on 10/12/2007, -0/+3It's even worse than that, actually. TVs are black-box units: plug in a new one. Now you use HDTV instead of the other. We don't have the luxury of black-box email systems.
The best way to look at adoptaility of these standards isn't to look at how we'll do it, but how your parents will do it (assuming they're technologically ignorant). How do you put together a system that doesn't confuse them and is easy to upgrade? Hell, even having Microsoft Update do it would only reach some of them (my parents turn off the "inconvenient messages" when I'm not around). Many people out there use antiquated software and won't ever update. With something as ubiquitous as email, you just can't do it. - JayRod, on 10/12/2007, -2/+5The blog's font is actually easier to read than the actual link, my opinion.
- jdlee, on 10/12/2007, -1/+4Misuse of modest alert:
A modest proposal: the backbone of our e-mail system, Simple Mail Transport Protocol (SMTP), is fundamentally broken and should be scrapped. - ryanknapper, on 10/12/2007, -0/+3This is just like those "the desktop paradigm is antequated" stories. Everyone points and says there is a problem, no one shows up with a decent solution.
- darthmdh, on 10/12/2007, -1/+3Likewise, it would be difficult to convince all the people I encounter in the street who I don't want to talk with to simply keel over and die if they simply look at me. [okay, so I left that one open... any takers?]
SMTP is not flawed. People who don't understand what SMTP is are flawed. People who have been on the internet for 5 years or less and think "the Internet" is the little blue icon shaped like an "e" they double-click on their desktop are flawed. I don't blow up (or demand modification of) Australia Post delivery vans because those damn Boystown Lottery wankers snail mailed me spam again. Its not only expensive, it doesn't come close to addressing the problem.
People calling for an SMTP replacement protocol are problems looking for a solution they're not prepared to fully investigate, document, and propose in the proper manner. This isn't even news, its an old whine clueless opinionated bloggers (and pre-blogs, clueless opinionated Usenet posters) bring up every now and again as they join the Internet, don't bother to learn how it works, and have some pet peeve problem (usually caused by the dodgy software they use, but lets not open up that can of worms) they want solved without having to do anything in order to do so.
If you really think about it, they're no better than the spammers they're whining about. - DigiDave, on 10/12/2007, -11/+13The story is good. I decided to link to this post because I thought the story was a bit confusing. This post gives a better background. Just my opinion though. There is a link to the story from the blogpost of course.
- jrittenh, on 10/12/2007, -1/+3On the contrary...SMTP is very much broken, particularly based on your logic. If an additional set of protocols is required to prevent spam, then something is wrong. The only solution to completely eliminate spam is to build the verification process into the protocol itself. If you look at DNS, a similar problem exists. Layering protocols on top of one another is not the solution.
- stylecramp, on 10/12/2007, -0/+2I think it would be hard to convince all of the companies living off of fighting SPAM via the SMTP protocol to adopt a different standard which would essentially make them obsolete.
And these are of course the companies with the most interest in the political battle. - Lifestory, on 10/12/2007, -0/+2give me your thoughts about this. but isn't the email acting like what it should be? a normal mailbox?
I get junk mails everyday, well sure, coming from singapore, there are solutions to stop all these from coming into my mailbox, but there's just so much one can do. I still receive them now and I don't think that will stop. Isn't that the case for email then?
Don't get me wrong, I'm not trying to rebuke this article. It just sets me thinking that no matter how the world progresses, somethings never change. - Cyphase, on 10/12/2007, -0/+2All IM and e-mail should be using the same protocol. Maybe Jabber, or something similar (better), is a good idea...
- timro, on 10/12/2007, -0/+2Is that a buzz word I spy?
- Otto, on 10/12/2007, -0/+2"Adding authentication would help because many spammers spoof the entire email, you can create a completely bogus email address..."
And existing measures can easily recognize and drop these. Enable SPF on your mail server. Done and done. Spoofed mail from domains that the spammers don't control gets dropped instantly. - scald, on 10/12/2007, -0/+2I'm not like much the idea of authorize EVERY address i receive.
- rdwtux, on 10/12/2007, -2/+3This is nothing new. Anyone with a little network knowledge knows that SMTP is broken in the modern Internet age. SMTP offers no proper authentication or encryption of the data transmitted. The issue is that nobody thus far has stood up with any power (i.e. Google, Microsoft, etc) to push and support/demand one of the proposed fixes and said that the 20 year old implementation isn't good enough.
There's no push from the user community to fix it since users generally don't know there is a problem. I type an email and press send, the other user gets it. Works great!
The thinking a few years ago was that once businesses come to rely on email for business critical communications the problem would fix itself and a standard would be adopted. Oddley this didn't happen. You would think SPAM would have caused authentication standards to be adopted. Instead it just created years of arguing between the main players as to which standard was best. Blackmail lists were all the rage a few years ago, but they caused more headaches and administration then they were worth.
In the last few years we've actually slid backwards from blacklists to wide open, non-authenticated communication. Somebody has to stand up and actually implement, support and enforce a standard that they have proposed. - macattacks10, on 10/12/2007, -1/+2Problem is that doesn't work, spammers always spoof their email address, so it will constantly come up with different email addresses which aren't even real. If it were that easy it would've happened a long time ago. At this point I think we do need to push for a new protocol.
Edit: And I was beat to it barely - Chewie67, on 10/12/2007, -3/+4I agree with this article 1000%.
It's nothing earth-shattering. Anyone who works on the Internet with any regularity knows that our current email is horribly broken and needs to be replaced. Getting everyone to do it is the hard part.
Really, this will only happen if one (or more) of the major players step up and demand it. For example, if AOL, MSN and Earthlink all drop SMTP and move to a new, open standard email system, others will eventually fall in line. Same would be true if the federal and state governments made the switch, or a consortium of major universities did it. Once the tide starts, others will follow.
I doubt we'll see it anytime soon, but I hope I'm wrong. - utherwayn, on 10/12/2007, -1/+2Adding authentication would help because many spammers spoof the entire email, you can create a completely bogus email address, I wouldn't doubt that people could spoof their mail server as well or anything involving the actual message itself. Adding some sort of authentication would force at least two hands to be part of the handshake whereas now it is one hand shaking.
You are right with many of your points but authentication just means you have something to turn to when something excessive happens. - toeside, on 10/12/2007, -1/+2Ah yes, nothing like overstating the flipping obvious. So NO ONE has ever considered that SMTP desperately needs to be replaced? Has anyone noticed that junk mail in its original form still shows up in the mail box every single day, but the Post Office is still around? No digg. Oh, and by the way, since when have telnet and FTP been abandoned? Has everyone suddenly stopped downloading from FTP sites? Come on people... buy a clue...
- Haplo, on 10/12/2007, -2/+3"And why the hell is Pile getting modded down? Because he is speaking the truth? Or because all the kids on this site have no idea what the hell is going on and they are randomly modding things up, and radomnly modding things down."
Quite close. If it's too complicated they mod it down, if a 5 year old can understand it, and it's funny, it's modded up. - kmarius, on 10/12/2007, -0/+1"Anyone who works on the Internet with any regularity knows that our current email is horribly broken and needs to be replaced. Getting everyone to do it is the hard part."
SMTP is just a protocol. What would you gain by replacing it? If you need real authentication, just add a digital-id header, where each smtp the mail pass through adds to it. It would be easy to use a trust based system, where you only get mails from trusted servers. There's no need to look at faked emails etc.
There's nothing you can do with XML that you can't do simpler and easier by using the SMTP protocol. - beadza, on 10/12/2007, -0/+1or possibly people don't like unrelated links in comments?
- vostok4, on 10/12/2007, -6/+6And why the hell is Pile getting modded down? Because he is speaking the truth? Or because all the kids on this site have no idea what the hell is going on and they are randomly modding things up, and radomnly modding things down.
- Briankb68, on 10/12/2007, -2/+2And I'm tired of people telling me what they are tired of.
- Zipp425, on 10/12/2007, -4/+4The blogs article is actually pretty good. If you read it you would see...
- Pile, on 10/12/2007, -21/+20SMTP isn't broken. This is bogus.
The problem is we will inevitably move to a system where smtp relays will be "licensed" or "whitelisted" in order to thwart spammers. It will happen. The only thing that could make this not happen would be if the authorities actually started prosecuting spammers for their illegal activity, but I think that's unlikely.
http://BSAlert.com/ - utherwayn, on 10/12/2007, -2/+1I could be wrong of course because i'm NOT an expert but I am fairly knowledgable .. isn't this what microsoft exchange mail server tries to do?
Feature List
http://www.microsoft.com/exchange/evaluation/features/default.mspx - cyborgver666, on 10/12/2007, -3/+2Web 2.0 eh? Time for me to head to the patent office...
- jrittenh, on 10/12/2007, -4/+1Well said.
- MrViklund, on 10/12/2007, -7/+4E-mail 2.0? Joking me? :P
And what should that be? - cgwas, on 10/12/2007, -6/+2Just use Gmail.
- deadmoo, on 10/12/2007, -6/+2A modest proposal: eat babies. That's a Swift idea, right?
-
Show 51 - 57 of 57 discussions
Browsing Digg on your phone just got easier with our enhancements to the 
© Digg Inc. 2009
— Content created and posted by Digg users is