Email issues

[Dave Farber <dave () farber net>]

Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Thu, 19 Feb 2004 10:41:58 +0100
From: "Peter B. Ladkin" <ladkin () rvs uni-bielefeld de>
Subject: Email issues

Folks,

I shall send this note to Risks, but it contains a reference
to the current print edition of The Economist, which will
only be available for a few more days, so I am taking the
liberty of distributing this comment more personally.

Lawrence Kestenbaum substantiates in his Risks 23-19 note
the considerable problem generated by inappropriate e-mail
server responses to virus/worm/spam e-mail, which I noted
with regard to Sobig (Some observations on email phenomenology,
Risks 22-88). However, his last paragraph misplaces blame.

The spammers and worm/virus writers are no more responsible
for the amounts of junk generated by misconfigured e-mail
servers than I am responsible for the damage caused by an
automobile whose driver does not observe my bicycle until
the last second and manoeuvres suddenly.

I agree with Kestenbaum that the e-mail system is more or less
broken.

The Economist has addressed the issue in its edition of
February 14, 2004 (Business Section. The article is available
on its WWW site for a fee to non-subscribers). In an article
entitled "Make 'em pay" (supertitled "The fight against spam",
subtitled "The dismal science takes on spam"), the journal suggests
that techies have had a go at the problem, then politicians, and now
economists are "taking over". Risks readers may recall that Bill Gates
said in an interview at the recent World Economic Forum at Davos that
certain measures Microsoft favors will get rid of spam in two years.
One of those proposals was a per-mail fee, like postage. The
article says that "Sceptics noted that Microsoft could also
help by fixing security flaws in its products - the latest
confessed to this week - that can be exploited by spammers".

The article discusses various schemes, namely those by Goodmail
Systems, IronPort Systems, and Balachander Krishnamurthy at
AT&T Labs.

I hope that the techies and politicians are not yet finished.
The payment proposals distinguish between two classes of user:
bulk mailers and others. (The post office does also: bulk mail
there is cheaper than ordinary mail.) Bulk mailers should, somehow,
pay. But not all bulk mailers are spammers. I suggest that a much more
fundamental distinction lies between fraudulent e-mail (e.g., that with
intentionally false header information) and non-fraudulent e-mail. In my
opinion, this issue must be addressed come what may. Fraud in electronic
communication covers much broader issues, even for business, than
spam and its responses: for example, one needs reliable processes for
establishing, validating and enforcing contracts electronically. E-mail
authentication would be a great help.

Since the e-mail server market is dominated by very few pieces of
SW, one imagines a coordinated effort to alter e-mail protocols
to introduce some degree of authentication, say along the lines of
Tripoli, lies at least as well within reach as schemes to introduce
payment for e-mail. We may presume that producers of such SW are well
aware of such proposals, and we may conclude that they are not favored
because they do not fit someone's business model.

I find some confirmation for this conclusion in that schemes to introduce
individual payment for free e-mail service are being touted at the very
time when just the reverse is happening with telephony: schemes for
internet telephony are apparently arousing interest in major
telecommunications companies over the traditional individual payment model.

I imagine that if one is a commercial SW producer it is also easier to make
money by responding incrementally to internet users' issue du jour rather
than by introducing a procedure that would handle a large class of such
problems all at once.

One argument in favor of the business model could be that the economy
which has sprung up to deal with spam and internet security issues is
now large enough to lobby successfully against any proposal that would
reduce its potential clientele at a stroke. If this is so, then
incremental modification would seem to be the only socially viable
possibility. What a depressing thought.

PBL

Peter B. Ladkin PhD FBCS CW(hon)
Professor of Computer Networks and Distributed Systems,
Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel (Vx/msg/Fax) +49 (0)521 880 7319 http://www.rvs.uni-bielefeld.de





-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/