When I look back at 2003, I expect to find that my two most valuable days of the year were spent at Septembers Messaging Anti-Abuse Conference in Santa Barbara, Calif. No other everyday IT issue overshadows the waste of time and money, and the threats to system integrity and availability, that have come with this years surge of commercial messages, mail-borne attacks and immune-system overload of “undeliverable message” responses to spurious traffic.
Hosted by Openwave Systems, the conference foreshadowed future collaboration among technologists, regulators, legislators and the courts. Unless all these parties share their perspectives with one another, well wind up doing more harm than good. Well have laws that e-mail technology cant enforce, or well have changes to e-mail technology that make it both less flexible and more costly for legitimate users.
The offense has a fundamental advantage. Scott Chasin, chief technology officer at MX Logic, briefed conference attendees on the portfolio of tools and techniques available to abusers. A mass mailer can disguise the “signature” of a sales pitch, for example, by surrounding it with randomly generated sentences that look like legitimate business communications, using rendering tricks so that the reader doesnt see that camouflage—but an e-mail filtering system does and is falsely persuaded to let the message through. Higher filtering thresholds lead to false-positive rejections that kill any hope of end-user acceptance.
Some proposals would require drastic changes to the e-mail system: for example, by limiting acceptance to known senders or to those who satisfy challenge/response protocols. Such changes demand great caution. E-mail has altered the way we communicate with one another. Its become a vehicle for opening political discourse, for example, to interests that have not been served by previous mass media. Attendees were urged by keynote speaker Lawrence Lessig, a Stanford Law School professor and author of the influential “Code and Other Laws of Cyberspace,” not to be too quick to give up those benefits.
Its unreasonable to think that e-mail wont be used by those with something to sell. In the world of paper mail, we keep junk-mail distraction tolerable by using other channels—ranging from registered mail to bonded couriers—for critical communications. Similarly, e-mail, however cheap and convenient it might be, isnt right for every purpose.
But if e-mail cant be defended without being broken, then perhaps we can make it a less attractive target. As I said during a panel discussion at the conference in Santa Barbara, spam is effective because people spend so much of their workday looking at their incoming e-mail stream. If people werent looking at their electronic in-boxes all the time, expecting critical business communications, then spam would not be such a desirable way of taking a free ride on their attention.
Enterprise system builders should realize that they rely on e-mail for the same reasons spammers do. E-mail is cheap and simple and doesnt require a lot of planning to reach a lot of people very easily. The result is that weve been using it internally as a communication tool, often for tasks for which its poorly suited. We could meet more of our enterprise needs by building portals, where users would have secure access to regular announcements or structured discussions. This would be much more reliable than e-mail in ensuring that all participants can see all relevant communications. In the long run, it would also be cheaper: Obsolete information would be easily deleted, not carefully preserved in swelling e-mail archives.
Applications can also be built with their own communication facilities, using Web services protocols to exchange data between sources and consumers, rather than simply using e-mail because its there. The browser and the in-box should be used for finding new things or for receiving unexpected communications, not for the bulk of business communications that are structured and routine.
The strategic opportunity is not in “fixing” e-mail, which may well mean breaking e-mail. The greater long-run potential lies in using the Webs next- generation tools for enterprise communication while letting e-mail be.
Discuss This in the eWEEK Forum
Technology Editor Peter Coffee can be reached at [email protected]