In my mind, the biggest failure in this regard is SMTP, the
dominant mail protocol of the net. Spam is as pervasive as it is
because of weaknesses in SMTP. We know how to fix these problems;
the problem is that doing so would break existing applications,
which means e-mail in general. This is always a bad thing, but it's
not always a deal-killer. I think this is one area where, in the
long term, it may make sense to move away from a protocol that has
allowed e-mail to get out of control.

I asked a few people involved in solving the problems of e-mail
what would be involved in fixing it. This put them in an awkward
position of conflict; after all, spam-filtering vendors and other
security companies make their living because these problems
exist. But I think these problems are likely to get worse before
they get better, and real solutions are something for our children
more than for us. You'll be able to make a decent living in the
security industry for a long time.

Tonny Yu, founder and CEO of Mailshell, says that any new
and better replacement for SMTP would have to have some sort of
certification system to guarantee that senders are who they say they
are. The obvious candidates would be certificate services like
Verisign, but if demand shot up perhaps there would be more
competition. Mail servers would also have to be certified, or mail
sent to them would not be trustworthy.

The other important requirement, according to Yu, is a system for
tracking resource usage per sender. Basically this means that
profiles should be established for normal amounts of mail sending
from different types of users. If you limited normal users to 100
messages per second and major companies to 10,000 messages a second
it would be hard for legitimate users to complain, but spamming
would be much harder.

Once these systems were in place, and assuming they were
implemented well, it would be simple to build tools to filter out
mail that was uncertified or abusive in terms of volume, and even to
blacklist users and servers that facilitate it. Conversely,
whitelisting would become easier because you could whitelist users
based on their certificates, not based on a from: address that is
easily spoofed.
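
A sketch of the filter described above, as an added example that is not
from the article or from Mailshell: verdicts are keyed on a verified
certificate ID rather than the From: address, with the per-second
ceilings quoted above. The class, profile and verdict names, the
one-breach blacklist rule, and the assumption that certificate
verification has already happened upstream are all hypothetical.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

# Per-second ceilings are the figures quoted above; profile names are assumed.
PROFILE_LIMITS = {"normal_user": 100, "major_company": 10_000}
WINDOW_SECONDS = 1.0

@dataclass(frozen=True)
class Message:
    cert_id: Optional[str]  # verified sender certificate ID, None if uncertified
    from_addr: str          # From: header, deliberately ignored for trust
    via_gateway: bool       # True if relayed through a legacy SMTP gateway
    ts: float               # arrival time in seconds

class SenderPolicy:
    def __init__(self, profiles, whitelist=()):
        self.profiles = dict(profiles)    # cert_id -> profile name
        self.whitelist = set(whitelist)   # certificate IDs, not addresses
        self.blacklist = set()
        self.recent = defaultdict(deque)  # cert_id -> timestamps inside window

    def classify(self, msg):
        if msg.via_gateway:
            return "scrutinize"           # legacy mail: check for forged headers
        if msg.cert_id not in self.profiles:
            return "reject-uncertified"   # covers a missing certificate too
        if msg.cert_id in self.blacklist:
            return "reject-blacklisted"
        q = self.recent[msg.cert_id]
        while q and msg.ts - q[0] >= WINDOW_SECONDS:
            q.popleft()                   # drop sends older than the window
        q.append(msg.ts)
        if len(q) > PROFILE_LIMITS[self.profiles[msg.cert_id]]:
            self.blacklist.add(msg.cert_id)  # assumed rule: one breach blacklists
            return "reject-volume"
        return "accept-whitelisted" if msg.cert_id in self.whitelist else "accept"

if __name__ == "__main__":
    # Constructed sample traffic; certificate IDs and addresses are made up.
    policy = SenderPolicy({"cert-alice": "normal_user", "cert-bulk": "normal_user"},
                          whitelist={"cert-alice"})
    print(policy.classify(Message("cert-alice", "alice@example.org", False, 0.0)))
    print(policy.classify(Message(None, "alice@example.org", False, 0.1)))
    burst = [policy.classify(Message("cert-bulk", "alice@example.org", False, 1 + i / 1000))
             for i in range(102)]
    print(burst[99], burst[100], burst[101])
```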

You can't just order everyone to adopt a new system and throw the
switch. Over some period of time I think there would have to be SMTP
gateways into the new system. It's fair to say that mail from those
servers should be treated as less trustworthy than from those in the
new network. Therefore that mail could be subjected to scrutiny for
forged headers and so on. While any real effort at this would take a
long time, I would hope that if a new network could demonstrate
itself to be immune to enough significant problems it would attract
new users.

It's entirely possible that if this were done right, it would
increase the costs of e-mail. But up to a degree, that's just fine
with me. Dirt-cheap e-mail is one of the problems that made spam so
appealing to marketers. I'd actually be glad if it were more
expensive to send than receive e-mail. The cost increase would be
trivial for normal users, but potentially crushing for spammers (and
perhaps to "legitimate" direct markets; c'est la vie). In the
longer term, it will lower other costs, especially if it reduces
spam significantly. Think of the diminished traffic load. I think
it's also fair to say that it will tend to reduce the volume of
Internet worms and viruses because true authentication will make it
easier to identify those who are infected and spreading such
malware, many of which come with their own embedded SMTP
servers.

Strictly speaking, strict certification means an end to anonymity
in e-mail. Of course, it was never really supposed to be anonymous,
and real e-mail anonymity is only possible if you forge headers and
if your mail-server admin doesn't care. Speaking of not caring, I
don't care about the anonymity problem. It's not the only problem
out there and it doesn't completely trump others, like anonymous
pornographers e-mailing our kids.

If only the designers of Internet2®, an
academically based effort to develop and promote advanced networking
applications, were concerned with such matters, but they have their
sights elsewhere. Perhaps it's time for someone to start Internet
1.5. (I'd go out and reserve the name myself if it were a legal
one.) Everyone knows it's the .5 version that gets it right.

Security Supersite Editor Larry Seltzer has
worked in and written about the computer industry since 1983.