After I called the second customer for the day to find out if they had received an e-mail I had wrote them, I relized that email’s usefulness has pretty much come to an end. I’ve now been reduced to relying on a second medium to make sure that my communication of the first medium is successful.
How have we gotten here? It’s been a long game of cat and mouse. "Us" versus the bad guys. At first, it was us versus the spammers. They wanted to pedal their wares for the low cost of a mailing list, rather than the high cost of a postal mailing, or a telephone call. People started blocking sites that sent out messages to people that didn’t want them, so they started getting creative; they starting scraping our email addresses from newsgroups, websites and other mediums. We started to get more and more spam, until we HAD to employ policies of blocking portions of our email.
Next came the scammers, virus writers, and the phishers. Their goal was not to sell you a product, but rather coerce it out of you. All of a sudden it became dangerous to NOT scan and filter your email. Now we were reliant on a piece of software to determine if message was not only something that was authenticate, but also if it was something that is safe to open.
No software can get this right 100% of the time. And even as we get better and better software, the spammers, scammers and viruses are getting better at a faster rate. I took a look at the stats on my mail server — almost a half-billion messages were rejected for some reason or another, and about 2,000 messages delivered. How many of the messages blocked were real, or something that I wanted? The messages are gone, so we may never know.
So how do we fix it? I think we are past the point of fixing email as it exists today. A possible solution was to tie email to DNS, how ever as recent vulnerabilities have shown us, even DNS isn’t sacred. My original thoughts revolved around having a public key in your DNS entry, and only accept mail from sites that have encrypted their email with the correct private key. Don’t accept unencrypted email. Of course, this means that SMPT would need to be thrown out completely. A much better system could be devised, i’m sure.
I hope the IETF comes up with something soon. Or maybe, we just say that email is dead and gone, and we move on to something else, like Jabber or Facebook Messaging 😛