Principles of email in the modern age

March 18, 2009

This is not the Internet that we used to have, and so email is not what it used to be; now it is less. So I think that we need (or could do with) some principles of email for the modern age of the Internet, things that can guide people writing applications that might use email as part of their interactions with the world.

Now, a disclaimer: people are going to have different views of this. My view is a tired and somewhat cynical anti-spam biased one, added to sysadmin caution; optimists will be, well, more optimistic.

So, in my view, here are some principles of email in the modern age:

  • email can only be sent to people who've already registered with you; among other consequences, you can never send email to person B just because person A said it was okay.

  • email is not reliable; there are too many spam filters and people hitting delete really fast because your subject lines looked suspect or they've never heard of you or whatever.

  • email is not trustable, or at least you should not train your users that it is, because your users are generally incapable of correctly judging whether or not they should trust a specific piece of email.

The last principle is a bit subtle. If your users get specific trustable information in email, you are training them to trust the information that they read in 'your' email. Phishers and other malicious parties love that, because they can forge your email and most people, who are not suspicious, will believe it.

There are probably more sensible principles that I am not thinking of right now. Suggestions are welcome.

(Note that I am skipping operational issues.)

Comments on this page:

From at 2009-03-18 09:53:09:

So... could it be that Mr. Zimmermann foresaw a theoretical answer in 1991?

- j.

By cks at 2009-03-19 23:02:51:

To the extent that IM2000 and similar schemes are email-like, they can't solve phish spam. Nothing that is can, really, because of the fundamental spam problem.

(I am not confident that you can avoid phish attacks even in a closed environment, but you have a better chance of it.)

Written on 18 March 2009.

Last modified: Wed Mar 18 00:20:37 2009