back to article Email 2.0: Trying to catch up with the web

Remember the days when you clicked on a link in an email without worrying about hitting a porn site or letting loose a virus? Well, these days could be back with us soon if the engineers at INET SF have their way. “As we moved forwards to Web 2.0, email moved backwards to 0.7,” explains Daniel Dreymann of Goodmail Systems, …

COMMENTS

This topic is closed for new posts.
Silver badge

What we should do is go back to text only

It would be much nicer. If you REALLY want all that silly html, or multimedia crud, copy a link to your favorite browser. It would save a BUNCH of bandwidth and if you DO spam you will need to do your stuff where everyone will see it, none of the hidden links or other similar stuff.

As one who has used email for over 40 years (yes, I did some in 1969, it was on the same machine) we should all go back to this method. If you want more, funnel the data through a server (which will nicely look for bad stuff) and send a link.

Easy!

4
1
Thumb Up

Hear! Hear!

I'm always trying to convince people that HTML should be plain text, and wasn't meant for all the HTML garbage that gets sent around.

Unfortunately by bosses are a bunch of ******** who seem to think that if it's not got pretty pictures it's not worth doing.

2
1
Silver badge

No Thanks!

I shall continue to have no remote content enabled, no remote images, no clicking on links, no opening attachments that are not expected AND non-executable.

None of these will be reliable.

The problem is that people do trust links and emails sadly. That's why most infected PCs actually have AV software.

0
0

Killer idea

Time to start charging for emails. A penny a shot, or even less, would discourage spammers. The fee might optionally be paid to a charity. Any email not tagged 'paid for' would not be delivered.

1
6
Anonymous Coward

What?

Who are you going to charge? How? Do you have the faintest idea how email works? This is the most stupid thing I've read in a long time! And I read ALL of ElReg's election coverage.

0
0
Silver badge

I've seen this suggestion before..

..and if it ever came to fruition, a free p2p SMTP or other email network would probably shoot up faster than you can say "OH SHI-".

Charge for sending an email? If you want to kill the whole system, I couldn't think of much better a way.

0
0

Killer idea

Time to start charging for emails. A penny a shot, or even less, would discourage many spammers. The fee might optionally be paid to a charity. Any email not tagged 'paid for' would not be delivered.

1
0
Anonymous Coward

Move to IPv6

I know this isn't directly in line with the article, and probably very geeky, but what's the progress with IPv6 'switchover'. I get the impression it's very slow and patchy at best.

0
0
Silver badge

Email's not the problem

The problem is that we are still evolving a way to approach it.

For example, most people have one email address. Just one. Which they give it out to all and sundry: friends, family, the boss, companies they deal with, web promotions they sign up for, forums they post in and anyone else who asks for it. Under those circumstances, it's no surprise that they get flooded with crap - nor that they then pass it on to everyone else in their (single) address book.

What should happen is that people are taught how to use email (and every other internet service, too). But they should be taught to use these things defensively. Just as we are taught to treat every other driver ont he road as if they were drunk, on drugs and falling asleep, when they should be focusing on the road ahead. Email users should be taught to compartmentalise their email: one account for personal use, a separate one for work, a third for buying stuff, another for all the dodgy activities they sign up for and a slew of secondary, disposable addresses for all the crud they suspect that signing up for "free" offers will bring.After all it costs nothing to set up accounts and there's a great opportunity for an enterprising ISP to make the process simple and painless (and also to tie customers in).

Maybe in a generation or two, email ettiquette and practice will have got over it's learning curve and users will understand that keeping unconnected things apart helps them, as well as helping everyone else.

2
0
Anonymous Coward

Compartmentalising addresses

I like that idea too - a lot - till about 7 years ago. I sent a single email on a newly minted (and very non-obvious) address on one of my domains to a less than tech literate acquaintance. Within a week, I started getting what slowly turned turned into a flood of spam, just around the time he reported "computer problems". My mail to him (and the reply), were both in English, the spam was in his native language, so I'm sure it was harvested his end rather than my server.

I still try to keep addresses in the good, bad and really ugly categories, but the truth is it doesn't really work long term as long as your address is floating around other peoples machines.

0
0
Unhappy

Having multiple addresses isn't effective

I do this. I actually create a new address for each organisation I create an account with. This has worked a bit (my Amazon address leaked on to a spam list, so I updated the Amazon account, and binned mails to the old one) but it relies on *everybody* being careful. It only needs one friend to have a compromised machine for your primary, friends-only address to get on to the spam lists - and your in-box is full of pill adverts, diplomas, offers of employment and urgent bank security updates.

0
0
Thumb Up

Other than spam filters

email does seem to have been left behind really.

Would be nice to know if i click on the link for naked Anna K pics I'm not going to get a virus... ;)

0
0
FAIL

So where is email 2.0?

SMTP is a quarter of a century old! While it served its purpose for its first decade it has seriously fallen short of a modern requirement for authentication and security.

Why haven't the key technology companies come up with a new protocol that would leave spammers out in the cold? 90% of email traffic is spam.

0
1
Gates Halo

Of course they have!

"If only the world got rid of all these insecure UNIX boxes running SendMail, Exim and the like, and upgrated to nice, secure Exchange, the spam problem would be cured!"

:-)

0
0
Silver badge
Alert

Obvious why

Because, one way or another, the "key technology companies" are benefitting from spam.

1
0
Silver badge

Email 0.1 please...

Funny, all this talk about "trust" for permitting the likes of Ajax and HTML5 in emails. Trust or not, I wuld truly fear that day.

Am I the only person who prefers PLAIN TEXT emails? Images are blocked, scripting is discarded, HTML is (usually) stripped. This means my wonderful promo emails from Maplin (yes, I'm looking at YOU) arrive as empty messages. Tant pis, as the French say. If it can't be said in text, don't say it at all. There's a method of adding attachments if text isn't good enough (schematics, for instance), but this is supposed to add to rather than replace the content.

Some Ajax/HTML-whoo-hoo-2.0 sites look pretty damn good, but it seems to me that the flashier the site, the less actual useful content the site provides.

Please please, I beg you, assign a different port to the "new" email, so I can carry on with port 110 and leave all of this "enhanced email" (meh!) to pass me right on by...

3
0
Thumb Down

Signatures

Erm... digital signatures on email have been around, like, forever. Either MIME/S if you want to be corporate and spend money, or GPG if you're a normal person. By signing the content and not the route the whole issue of untrusted delivery just goes away. There's a bit of a problem with support --- the corporatish clients tend to support MIME/S and not GPG, the open source clients tend to support GPG and not MIME/S --- but it pretty much *just works*.

0
0
Thumb Up

Facebook and Twitter

I don't think Facebook or Twitter will ever make email redundant, even with all the spam in my inbox currently I still find that it is significantly less bloated and time consuming than Facebook.

While it may be true that my facebook might be more bloated than most because I lack the conviction to check it once a week, let alone update my status from a phone when I get on the bus, the fact still remains that I cannot find the desire to actually look at these sites when people can just email me.

I don't *NEED* a website to tell me that my family have different friends to me, and I certainly don't want to know when they're on the bus.

I welcome anything that will reduce the likelyhood that I will need to use Facebook more...

1
0
Silver badge

We've forgotten the concept of "horses for courses", alas ...

"Remember the days when you clicked on a link in an email without worrying about hitting a porn site or letting loose a virus?"

No. In fact, I've never "clicked on a link" in email. But then I've never used a web browser to read email, any more than I use a television to listen to the radio. Horses for courses & all that.

My email software of choice presents email as 7-bit ASCII text, the way the RFC 821 intended. No pointy-clicky stuff. I don't need it, and I don't want it. Adding complexity to a simple text-based communication system is (and always has been) only asking for trouble. Especially in a globally networked environment.

Rest in peace, Jon. Us old guard will try to keep the kiddies in line ... http://tools.ietf.org/html/rfc2468

1
0
Stop

Time for bed grandad

BOFH 2002 Episode 20: BOFH and the Luser Group:

"BUT THAT'S JUST THE POINT," a greyhair from the records room interjects, picking now as a good time to pop briefly out of his coma. "We keep getting pressured to CHANGE! We just get used to something and someone wants to change it!!"

(I feel an "I still use Word Perfect Version 1 and it does what I want" speech in the making)

"When I started here..."

(told you so)

"...we just used the editor thingy, and mailed each other what we needed. Now we've got to use some new bloody Outlook thing that makes no sense at all! I liked the editor, it was simple and it did what you needed!!"

"It didn't have a spell checker," the first git argues.

"WE DIDN'T NEED SPELL CHECKER! We KNOW how to spell, people are just too lazy to use their DICTIONARIES!!"

2
0
Silver badge

Call me "grandad"[1] and then ...

... trot out a BOFH reference? Didn't you get the memo? The BOFH series was old, tired & derivative of itself before it left Usenet ...

My point remains. The reason email exists is for best effort delivery of text communications. Grafting all-singing, all-dancing bells and whistles onto it, and trying to turn it into a real-time system, is just asking for trouble.

[1] As if that's an insult ... I AM a grandfather. Neener! :-)

1
0
Alert

(untitled)

> The reason email exists is for best effort delivery of text communications

The original reason yes, but for most people that simple isn't true anymore, and hasn't been for a while.

I'm not saying if this is good or bad, just saying email *has* moved on, you don't have to like it but that doesn't mean it hasn't happened.

As for insulting the BOFH, oh dear, oh dear.

0
0
Silver badge

Email *has* moved on

Funny, emails are increasingly less and less readable without using software to display it for you (those "=20"s everywhere is just the beginning). What used to take a paragraph now takes a couple of hundred kilobytes AND expects me to be happy to fetch even more rubbish on-the-fly of reading the message.

Funny, this sort of bloat and slowness and naffness is such a tragedy in software (just ask Stevie-boy about Flash), yet the same thing in email is considered progress?

Sorry, I'm with grandpa. If you want whoopee-doo, kindly sod off and create a new protocol with new whizzbangs and leave email, plain boring regular TEXT based email, untainted.

0
0
Coat

Once upon a time

You could click on a link and not only load the page you wanted but under the hood visit many other sites, have popup ads galore and hidden javascript capture private data about you and send it god knows where.

The email I have at the moment is perfectly fine thank you. If Email 2.0 is anything like Web 2.0 than I'm sorry, I'll pass.

Mail 2.0 sound like a lot of hot air with no outstanding USP's. Soon, I'll have to resort to setting up an email system just for my 6 person company just to keep our screens free of cap that we don't need.

I could turn out that this might be a folorn hope. IMHO, If big media have their way, soon Adblock+ will be deemed to violate the DMCA and is outlawed.

There are plenty of other things that need fixing before EMail.

Ok, I know when I should go the way of the Dinosaurs.

2
0

Not conclusive

Thats nice, but it sounds like an alphabet soup mess. Instead people could use a simple solution like integrating the behavior of modern spam filters with content formatted by a markup language designed specially for email. Fortunately, somebody built such a thing:

http://mailmarkup.org/

0
0
Happy

how self interesting

"Mail Markup Language (MML) is the patent pending intellectual property (IP) of Sabre Inc (OWNER)"

so says one A. Cheney of Sabre Inc. Is that you then?

0
0
Anonymous Coward

Another half take on things.

The problem with signatures is that there are several problems. A few to illustrate the point:

One, signing mails gives information away indiscriminately which has consequences that crypto proponents tend to overlook. It's as if most of them think that as long as they have crypto, they have nothing to hide, and therefore nothing to fear. Yeah, that'll work out real well, guv. xkcd, anyone?

Two, plenty of people don't even understand what it means when a signature doesn't verify, and since the message --if signed in the clear-- is readable, we tend to overlook signatures that don't check out. Because the penalty otherwise would be not getting your message out. Which is sort-of the point, really, so signatures actually run against the goal people use it for, making the whole setup more brittle than a nigerian spam operation.

Three, it gives excuses to abuse departments to ignore spam complaints that don't lend themselves to be listwashed. And yes, there's plenty of those around.

There's more where that came from, but this ought to be headache enough. The one upside to crypto in email being essentially useless for wide deployment is that the most widely used system is lot cheaper than the equally useless website trust certificate racket. It still looks like the designers didn't visit the big blue room very often though, just like the designers of the other system.

0
0
Gold badge

Don't want rich e-mail

Firstly, i don't want "e-mail 2.0", i have never gotten a useful e-mail with more than a simple web link in it (plus plain text). I use pine (well, alpine) so i'm not troubled by the rest. It's not a matter of trust, i haven't received a legit "rich" e-mail from anyone.

secondly, filtering by ip is obsolete, and i recommend against it. Almost everyone still uses it to reduce load on secondary filters, but i don't and the result is great. Spamprobe (bayesian spam filter) gets PLENTY of spam to train itself (so almost none gets through), without a massive list of ip addresses.

2
0
Thumb Down

DO NOT WANT

I don't care what you send me, my email client is set to only show plain text anyway.

1
0

Why this will never work

You can have trusted domains and signed emails, but ultimately, if your machine is compromised, the bot will sign emails itself and send from your own desktop, just like legit email.

3
0

How do you think compromises happen?

Email is the primary source of compromise for personal and enterprise machines, hands down. Sure, some businesses get whacked by injection vulnerabilities in their public web apps, and some places get pwned because they're using WEP on an enterprise access point -- those are slivers on the pie chart of compromise. By fixing attribution in email, users would not have to worry quite so much about having their machines compromised. The attackers would have to go back to the bad-old-days of attacking the machine instead of the user.

The solutions described in this article won't solve stupidity, but with the interweaving of attribution (by way of digital signatures) and monitoring the history a sender (by way of heuristic algorithms), email will be better. These technologies haven't been adopted because all the points in between source and destination have to use the same security standards and that is HARD TO COORDINATE. Plus, when something is working "well enough" admins are loathe to change it.

For all the people who say going back to text is the way to go... stop it. You're not thinking through the problem well enough. (I know that wasn't you, McMoo)

0
1
Anonymous Coward

plain text for me too please

Sometimes I wonder if people actually know what AJAX is, or if it's just something they blurt out like a secret password that they have to say in order to get the good stuff. "I want a new computer and I want it with AJAX and horse power and a pentime duelo and a garlic crusher blah blah blah"

1
0

This post has been deleted by a moderator

Anonymous Coward

So many things

As many write here, there are so many problems with email. Some people have the solution of using only plain text. While this is how email was invented (40 years ago), it does not handle how some of us like to communicate. For example, I often write certain people and include some text, with some words in different colors to convey different meanings. I also include images in the body of message. Yes, I can put images as attachments but then I can't have text-image-text-image as I would like. I guess I could put it all in an external document and then attach that document but then the recipient has extra work to do to read it (and I have extra work to do to write it).

Authentication (digital signatures) is an issue. We do need to be able to trust a sender is who they claim to be. Links in emails should include tooltips when you hover so you know where those links really go.

The solution, I believe, is to get rid of email. This is not so radical. We moved from CDs to DVDs to BluRay. Why can't we upgrade our messaging technology?

I use TrulyMail, which is a secured, private messaging system which also include email. It's like getting a BluRay player which also supports DVDs. If anyone else uses the same system, then we get authentication, automatic encryption, etc. If not, I can still use email until more people see the light.

Email has not grown well. The standards have not been there and now we have a giant mess. While we can 'just go with it' but I think it is better to step back and really consider what we want. I've made my choice and am happy with it. Everyone should ask themselves, can we do better than email?

0
1

So many things

As many write here, there are so many problems with email. Some people have the solution of using only plain text. While this is how email was invented (40 years ago), it does not handle how some of us like to communicate. For example, I often write certain people and include some text, with some words in different colors to convey different meanings. I also include images in the body of message. Yes, I can put images as attachments but then I can't have text-image-text-image as I would like. I guess I could put it all in an external document and then attach that document but then the recipient has extra work to do to read it (and I have extra work to do to write it).

Authentication (digital signatures) is an issue. We do need to be able to trust a sender is who they claim to be. Links in emails should include tooltips when you hover so you know where those links really go.

The solution, I believe, is to get rid of email. This is not so radical. We moved from CDs to DVDs to BluRay. Why can't we upgrade our messaging technology?

I use TrulyMail, which is a secured, private messaging system which also include email. It's like getting a BluRay player which also supports DVDs. If anyone else uses the same system, then we get authentication, automatic encryption, etc. If not, I can still use email until more people see the light.

Email has not grown well. The standards have not been there and now we have a giant mess. While we can 'just go with it' but I think it is better to step back and really consider what we want. I've made my choice and am happy with it. Everyone should ask themselves, can we do better than email?

0
2
FAIL

Barking

In short this is a load of nonsense wrapped up with a bit of Web 2.crap badgers paws to try and sell people on a solution to a problem they dont have.

"Remember the days when you clicked on a link in an email without worrying about hitting a porn site or letting loose a virus?"

No, not really. If you have links there is a risk you will hit a porn site or virus. This is *more* prevalent with Web 2.0reah based tools then anything else.

"Technically, we have no good way of checking email. It comes with no guarantees whatsoever, explains Jim Galvin of Afilias. We just assume that it came from who it says it did because it says it did."

Like everything else. When I get a letter in the post from my bank, I assume it came from them - it might not have. Why cant we get better authentication controls on our snail mail?

The sender authenticity is not the greatest problem as it is arguably more likely a hostile source will hack your trusted colleague and then use their account to send you malware (twitter for example). Most spoofed spam / junk seems to pretend it has come from me - which is fairly easy to spot.

"The problem, adds Dave Crocker of Brandenburg InternetWorking, is that we have trained ourselves to look for bad behavior, and so we have ended up being ineffective at looking for good behavior. “The trust side of Internet world is not just flip-side of abuse,” Crocker argues. “They are two different things." "

Nonsense - we assume good behaviour and look for the bad stuff. Thats the problem. We could always assume the worst (which is a fairly effective solution) rather than buy into some more 2.0 crap.

"DKIM adds a signature that validates that an email that appears to come from example.com actually comes from example.com."

Wow. I feel like they have reinvented the wheel. Perfect Web 2.0 thinking.

The madness is how many people want anything other than plain text emails? Maybe include attachements (word doc... tee hee...) but thats about it. I used to help administer a mailing list and the vast majority of the 30,000 subscribers complained when a test HTML message was sent out. All we happier with plain text.

Thanks to online shopping I get a fair bit of "rich" email from shops - every single one gets ignored. Not because I am scared they are a scam (although...) but simply because my email is for information rich messages, not someones idea of a million spacer.gifs to show some pointless corporate branding in the proper place.

2
0

DKIM can be faked

And that's why its not a good solution. A spammer sets up a domain with DKIM and thats it, compromise has happened.

0
0
Boffin

DKIM requires knowledge of domain reputation

Domain reputation is much more likely to be reliable than the reputation attachable using one or more DNSBLs to the originating IP address. We'll still need white/black/grey listing systems, but these will no longer relate to the IP address. They will relate to the goodness/badness that can be automatically derived concerning the reputation of the authenticated domain name e.g. by counting whatever arrives at very large spamtraps that isn't NDNs with null sender address. Then the spammers will have to pay mules to register their domains for them, but it won't take them very long to burn out a domain.

1
0
Paris Hilton

Why is it so hard for some?

I'm with most of the other posters here. It gets sent to me as plain, 7-bit ascii or it won't be read by me.

1
0
Silver badge

7-bit ASCII? Seriously?

I'm all in favour of enforcing a text+attachments messaging format, but this bizarre insistence on using a US-centric encoding standard from the 1970s is just idiotic.

Not all of us live in the US, you know. 7-bit ASCII doesn't even support some rather important British English glyphs, such as the £ (UKP) sign. Your method is therefore seriously broken and unsuited to anyone living outside the US of A.

The very least you should be using is ANSI, but what's so damned wrong with Unicode?

Oh, right: the original email RFC doc doesn't make any mention of either. So much for relying on that then. Guess your email idyll will exclude Canada, Europe, South America, Africa, Asia...

0
0
Bronze badge
Coat

Came for the Luddites . . .

. . . leaving satisfied. Go back to your typewriters, guys.

0
2
Badgers

The title is required, and must contain letters and/or digits.

How does this work exactly? I can't see any good way for a system to automatically determine which are the good domains and which are the bad ones. Do people have to click a "thumbs up" or "thumbs down" icon on every mail they get after they decide if its ok? Or is some invisible intermediary going to run anti-spam software on all the mail that comes through? (Obviously reading all your mail at the same time.)

Then again, I too am happy with my plain-text+attachment email. Mostly because this post is longer than the average email I send.

0
0
Silver badge

E-mail isn't broken - users are.

If some people want something different, go for it. Pick a port, call it something else, and leave what works alone.

0
0
This topic is closed for new posts.

Forums