Future of eMail
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Future of eMail

  1. #1
    Senior Member
    Join Date
    May 2003
    Posts
    159

    Future of eMail

    Lat year has probably seen the worst outbreak of email viruses trojans......

    The year alsop witnesses a massive increase in spam mail....... Although lot of companies came out with spam filter.... but then there was always a fear that legitimate mails are not been delivered to its destination.....

    All in all.. it was like poor insects caught in the spiders web..........

    Infact a recent survey pointed that big organizations have started relying on voice mails for communcating important messages......

    In early December, Congress passed the first federal law designed to regulate junk e-mail, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, better known as CAN-SPAM.

    There are so many solutions but i guess ..none adress the real concerns for email service....

    Spam filter are good.. but spammers always find a way to defeat it....

    The solution lies in basic email protocol itself which has few inherent flaws

    I remember a discusion with my CTO on this issue... we were using lotus notes... one of the paranoid security vendors pointed that anyone could send mail forging to be our companies MD.. I had a though time explaining my CTO at that time that it was possible for even me to send a mail a bill_gates@microsft.com.. or for that matter any mail id....

    There is no genuine authentication that ever takes place in emails.anyone can email to anyone....with so many open relay servers anyone can send tons of messages to the world.....

    So have we seen a rise in emails used to dupe critical information from users.....

    I had personally caught one such incident where the sender proclaimed that they were partners of yahoo and mentioned that enter your yahoo userid and password to access the whole new world of exciting free greetings... I guess it was to snatch people yahoo id....

    The page was built exactly like a yahoo page... which was send to user as email....

    Experts have recommended charging of few amount while sending messages,, in that way spamers would think twice before spending so many messages... rankly i dont see this as solution....

    Seriously I feel there should be a system where email can be authenticated..... every sender needs to be properly identified.... and verified that the source is valid....

    Again the basic protocols used for email are full of flaws.... SMTP which are not properly configured act are open relay server for spammers.....

    Pop, Imap and SMTP send unencrypted messages whereby increasing the risk of message being intercepted and disconfigured........

    With so many problems around emails.... I guess what really would be future of email ???

  2. #2
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    I'll take years (Bill claim 2 years) before email start being succesfull again. The complete system has to be think and I'll be LONG!
    -Simon \"SDK\"

  3. #3
    Senior Member
    Join Date
    Jan 2004
    Posts
    199
    I've heard that SMTP and a few other protocols are soon to be replaced for more secure versions.
    -

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    There have been attempts at Secure-SMTP but some of them have issues with legacy and non-Windows OSes. One of the things, contrary to Bill's claim, is that much of the "phishing", spamming and other techniques will always work because they aren't dependent on technology to solve them. They are, however, dependent on humans to believe them. As long as humans believe the message they receive is legit there will be a market for this kind of abuse.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    an with an estimated 60000 people signing on for the first time every day there is no shortage of inexperienced users. thats 41.666 every hour (41 people and a beast)
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    IMO we have 2 problems to solve or at least address BETTER than we do today: one is human nature and the other is technological.

    Human Nature:
    I acknowledge that we are always going to have users who are _duped_ by email scams/advertising/you-name-it, that's a form of social engineering of course and we'll ALWAYS have it. While user education will help, there is a natural human tendancy of trust you are fighting against: people are trusting. So while we cannot ignore or avoid training and educating our users, it wont work by itself.

    Technological:
    I am however, hopefull that efforts by the IETF's Anti-Spam Research Group will produce some standards that we can use it to at least REDUCE the amount of SPAM traversing the Internet. I also acknowledge that this is many many months if not years away. I have heard that they are working pretty hard on it, as opposed to the normal slow process (which does have a purpose I know but we all dont like SPAM...right?).

    Most proposals on the drawing/discussion board at ASRG are based on ways to validate that the sender is authorized to send the email to the recipient. Some example methods include authentication, modifying mail exchangers, using DomainKeys (a proposed method of authentication from Yahoo Inc.) and standardizing C/R (challenge/response) systems. Authentication won't stop SPAM but require registration and allow us to blacklist them. The DomainKeys is interesting as it adds a digital signature and public key to a header of a message. Software on the DNS server validates the keys. This wont break existing systems because existing standards allow for experimental headers.

    If you have some solutions in place like above, you can setup (and should do so) delivery verify to ensure your message was delivered. Delivery verification will grow to be more important in near and long term future as anti-SPAM solutions are deployed which could potentially filter out _good_ emails. I know that I expect EVERY ONE of my emails are delivered to the recipient, otherwise I would have received a Delivery Failure...right (unless it was flagged as SPAM ).

    Hope I didn't put anyone to sleep with this, just some thoughts.

    By-the-by, here are some links to some of the stuff I mentioned above:
    * ASRG SMTP-VERIFY: http://asrg.sp.am/subgroups/smtp_verify.shtml
    * Interesting new draft called _No Soliciting SMTP Service Extension_, kind of like the do-not-call-list of telemarketers: http://www.ietf.org/internet-drafts/...iciting-06.txt

  7. #7
    Senior Member
    Join Date
    May 2003
    Posts
    159
    Frankly... I was curious to ask our members.. whether they have personally witnessed a change in the email patterns over a period of time....

    Personally .. For me.. Now I open my mail account once every Two days......

    I am not mentioning my company account.... but my personal mail account....

    Most of the times I find spam mails flooded in my mail account.......

    And yes I have had occasions where legitimate mails were marked as junk and i had to search them from around other 200 junk mails......

    Often heard of new protocols like SMTPi , SMTP over SSL... but then always heard about it never saw any of them getting popular..

    But on3e thing is very clear.... we are years away from what could be a ideal secured email environment.....

    IP6 promises a lot of things.. but I guess it will take a very long time for being implemented....

    As I had mentioned we all users are like insects trapped in the web....
    ****** Any man who knows all the answers most likely misunderstood the questions *****

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    Originally posted here by Tedob1
    an with an estimated 60000 people signing on for the first time every day there is no shortage of inexperienced users. thats 41.666 every hour (41 people and a beast)
    I always thought 60000 was divisible by 24, 2500 times. That would be 2500 people an hour signing on for the first time wouldn't it?

    Pretty scary to see exactly the rate of growth and the amount of new potential victims.


    --PuRe
    Like this post? Visit PuRe\'s Information Technology Community. We\'ve also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com

  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    159
    Even 2500 users signing up... is a big amount..... in other words 0.42 Million new targets every week for spammers.... i.e 1.68 Million every month

    Again the trend being when you are new to net.. you love to open multiple mail accounts almost click and try to open every mail....

    So in realistic terms.. the target would be more han o.42 Million....

    phishphreek80 a book on Internet for complete retards would turn out to be the best selling book going by the stats....

    Seriously I guess there is a need for user awareness.... when you have such a large volume of new users added every day....

    I must appreciate the role AO and many other sites like AO have been undertaking in the field of Information Security..... But I guess all these sites have a much bigger role to play in the form of spreading awareness amongst the users..... and educating them on the rightful and secured usage of internet technologies.....
    ****** Any man who knows all the answers most likely misunderstood the questions *****

  10. #10
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    anjali, the problem is that the average user isn't going to look for a security site like AO until they need it -- and by then, it's too late. The reality is many people take the idea of "I have nothing worth stealing" when it comes to security and yet they forget that they do have something very valuable -- their identity and privacy. As far as I'm concerned, spam is a violation of my privacy as it intrudes into my personal space without my permission. And when I attempt to leave it, I'm added to a list of other spammers -- without my permission (although apparently in their AUP they say by my removing myself I'm giving an OK to be added to lists?!)-- so that my privacy can be affected again.

    If people would stop buying/investigating what the spammers had to offer we'd actually see a drop in spamming. The only reason why it happens is because it works as a method of advertising. It's not sites like this that people need to visit. It's information on this kind of stuff that needs to visit elsewhere -- mainstream media and on a regular basis, not just once and while. Everyday.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •