E-mail is the victim of its own backward economics. Anyone can send a message to anyone else postage due; the sender pays almost nothing, while the recipient pays in time and money to download and read the message. With that kind of incentive, it's surprising that only 60 to 80 percent of e-mail traffic is unsolicited ads.
Any doubts that spam is the biggest problem on the Net were erased in February, when Bill Gates turned it into a keynote topic at RSA Conference 2004. As usual, rather than propose a new idea, Microsoft's chief software architect gave legs to existing schemes. Gates' first proposal, caller ID for e-mail, would use DNS to filter messages from forged addresses. A more high-concept Microsoft research project called Penny Black would require e-mail users to attach e-stamps to messages before sending them to strangers -- the stamps would be cryptographic tokens bought not with cash, but with 10 seconds of CPU time. Clever, but hackers are already cooking up ways to cheat the system.
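The e-stamp idea described above, sketched as an added example in Python (not from the article, and not Microsoft's Penny Black design): a hashcash-style stamp for which the sender spends CPU time searching for a hash with leading zero bits, while the recipient verifies it with a single hash. The stamp format, the `BITS` difficulty and all function names are assumptions made for illustration.

```python
import hashlib
from itertools import count

# Constructed difficulty: ~65,000 hashes on average to mint. A deployment
# aiming at seconds of CPU time per message would set this much higher.
BITS = 16

def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the front of a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def stamp_bits(stamp: str) -> int:
    return leading_zero_bits(hashlib.sha256(stamp.encode()).digest())

def mint_stamp(recipient: str, date: str, bits: int = BITS) -> str:
    """Sender: brute-force a counter until the stamp's hash is small enough."""
    for counter in count():
        stamp = f"{bits}:{date}:{recipient}:{counter}"
        if stamp_bits(stamp) >= bits:
            return stamp

def check_stamp(stamp: str, recipient: str, date: str,
                seen: set, bits: int = BITS) -> bool:
    """Recipient: one hash plus bookkeeping, so checking costs almost nothing."""
    parts = stamp.split(":")
    if len(parts) != 4 or not parts[0].isdecimal() or len(parts[0]) > 3:
        return False
    claimed, stamp_date, stamp_rcpt, _counter = parts
    if int(claimed) < bits:            # sender did less work than required
        return False
    if (stamp_date, stamp_rcpt) != (date, recipient):
        return False                   # minted for another day or mailbox
    if stamp in seen:                  # same stamp reused
        return False
    if stamp_bits(stamp) < int(claimed):
        return False                   # claimed work was never done
    seen.add(stamp)
    return True

if __name__ == "__main__":
    spent = set()
    s = mint_stamp("alice@example.com", "2004-02-24")
    print(s, check_stamp(s, "alice@example.com", "2004-02-24", spent))
    print("replayed:", check_stamp(s, "alice@example.com", "2004-02-24", spent))
```

Binding the stamp to one recipient and one date is what forces a bulk sender to pay the CPU cost per message rather than once.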
Whenever Gates shows up, you know the tipping point has arrived. Instead of tinkering with ever more complex anti-spam filters and gateways, it's time to rethink the way e-mail works in the enterprise. With that in mind, we rounded up a half dozen successful software entrepreneurs -- plus one unrepentant spammer -- and asked them how they would change the system to remove mass-marketers' incentives to flood your workplace with ads.
Our six experts gave us six different answers. But all of them agreed that positive identification, rather than rejiggered economics, is the key to clearing the clutter from the e-mail channel in the enterprise. To be clear: Privacy and anonymity are values worth preserving on the Internet. In the workplace, though, as one of our panelists put it, the rules are different. No one should be prevented from posting personal opinions anonymously, but you'd have to be crazy to do business with someone whose identity can't be verified.
From: Eric Allman
Subject: Redesign SMTP
Before getting too blue-sky on e-mail, we decided to take a look under the hood at the current system. As the author of Sendmail, the program that's served as the Net's primary mail transfer agent for more than two decades, Eric Allman has definite ideas on what he'd do differently were he to start on the program today, rather than in 1981 when he coded the first version as a student at the University of California, Berkeley. "The thing that made e-mail so great was that it was completely out of control," he tells InfoWorld. "But everyone was working toward a common goal."
If he could start over, Allman would retool the existing protocols with the benefit of hindsight, instead of throwing them out completely. "The first thing I'd say is we had not anticipated the security needs," Allman says. "Authentication should just be built in."
Rather than focus on DNS-based authentication, Allman would choose a cryptographic solution. "I would put something into SMTP that required authentication before proceeding, just as we have with POP. It's a bit harder than that because unlike POP, SMTP connections may not have any prior relationship, so things like shared secrets are out of the question."