Battered by junk and reeling under makeshift fixes, e-mail is ripe for reinvention. Here's how six of the industry's most provocative thinkers envision a brighter day E-mail is the victim of its own backward economics. Anyone can send a message to anyone else postage due; the sender pays almost nothing, while the recipient pays in time and money to download and read the message. With that kind of incentive, it’s surprising that only 60 to 80 percent of e-mail traffic is unsolicited ads.Any doubts that spam is the biggest problem on the Net were erased in February, when Bill Gates turned it into a keynote topic at RSA Conference 2004. As usual, rather than propose a new idea, Microsoft’s chief software architect gave legs to existing schemes. Gates’ first proposal, caller ID for e-mail, would use DNS to filter messages from forged addresses. A more high-concept Microsoft research project called Penny Black would require e-mail users to attach e-stamps to messages before sending them to strangers — the stamps would be cryptographic tokens bought not with cash, but with 10 seconds of CPU time. Clever, but hackers are already cooking up ways to cheat the system.Whenever Gates shows up, you know the tipping point has arrived. Instead of tinkering with ever more complex anti-spam filters and gateways, it’s time to rethink the way e-mail works in the enterprise. With that in mind, we rounded up a half dozen successful software entrepreneurs — plus one unrepentant spammer — and asked them how they would change the system to remove mass-marketers’ incentives to flood your workplace with ads. Our six experts gave us six different answers. But all of them agreed that positive identification, rather than rejiggered economics, is the key to clearing the clutter from the e-mail channel in the enterprise. To be clear: Privacy and anonymity are values worth preserving on the Internet. In the workplace, though, the rules are different. As one of our panelists put it, the rules are different. No one should be prevented from posting personal opinions anonymously, but you’d have to be crazy to do business with someone whose identity can’t be verified.From: Eric AllmanSubject: Redesign SMTP Before getting too blue-sky on e-mail, we decided to take a look under the hood at the current system. As the author of Sendmail, the program that’s served as the Net’s primary mail transfer agent for more than two decades, Eric Allman has definite ideas on what he’d do differently were he to start on the program today, rather than in 1981 when he coded the first version as a student at the University of California, Berkeley. “The thing that made e-mail so great was that it was completely out of control,” he tells InfoWorld. “But everyone was working toward a common goal.”If he could start over, Allman would retool the existing protocols with the benefit of hindsight, instead of throwing them out completely. “The first thing I’d say is we had not anticipated the security needs,” Allman says. “Authentication should just be built in.”Rather than focus on DNS-based authentication, Allman would choose a cryptographic solution. “I would put something into SMTP that required authentication before proceeding, just as we have with POP. It’s a bit harder than that because unlike POP, SMTP connections may not have any prior relationship, so things like shared secrets are out of the question.” Allman’s dream solution includes an Internetwide standard domain-authentication mechanism. “This would be part of an optional standard connection initiation protocol,” he says, “so we wouldn’t have to reinvent authentication for each and every use.”Over the past two decades, Allman’s views on privacy haven’t changed. He still believes it’s a necessity, but he’s developed a more sophisticated view of how to implement it. “I used to feel anonymity in the base protocol was important,” he says. “But if someone brought up an anonymity server that would do re-mailings for you, that would allow this. The trick, of course, is to avoid abuse — this could perhaps be done by having explicitly tagged addresses that are willing to receive anonymous mail. Whistle-blower addresses, investigative reporters, and so on might be willing to receive arbitrary anonymous messages,” using servers that don’t keep any logs that could be subpoenaed.Allman thinks that problems with e-mail today extend beyond unsolicited ads. “There are lots of definitions of garbage,” he says. “Spam is just the worst one. I know several people who’ve just given up on e-mail. They’ve gone back to having ‘their person’ do it. It’s not just spam, it’s also the continuous, ‘Gee, can you help me on this?’ No matter how big a shovel you have, you can’t get rid of it.” From: Bill WarnerSubject: Identify Yourself“Saying I like challenge-response systems is like saying I like duct tape,” says Bill Warner, whose frustration with endless rounds of phone tag led to his development of the Wildfire voice system in the 1990s. Warner runs his own challenge-response server to kill incoming spam but would rather see the system redesigned more along the lines of the U.S. Postal Service — not meaning the government would run it, but that there would be some people-centric checks on identity and abuse. “It comes back to authentication,” Warner says. “If you want to put a server on the system and use DNS, you’ve got to find your way into DNS somehow. We’ve managed to build a network of millions of servers around the world with a fairly open and clear process of registering for it. Why can’t we do that with e-mail?”Warner isn’t talking about validating sender IP addresses, but instead having some idea of who’s behind them. “Part of the problem is e-mail creates a large scale of anonymity. The postal service doesn’t have that problem. You can send e-mail through the postal service, and it doesn’t get more than a postmark. But you don’t get to drop a million messages in the system. If you’re a big mailer, you’re going to be known. If you deliver a million pieces of mail to the post office, they’re going to know who’s doing it,” and they’re legally obligated to deliver them all.In short, Warner thinks that instead of focusing on caller ID schemes that identify servers, we should reach past the computer to identify the person sending the message. “In a society founded on openness and transparency, one of the fundamental tenets is that people can be identified. A person is allowed to go out in public wearing a mask. But no one will give them a job, and no one’s going to buy anything from them in a store. You’re not going to let them through the front door of your business.” Same with e-mail. “You still have ways to be anonymous. But someone who wants to get in the door and do business with you will have to take the mask off.” From: Eric HAHNSubject: XML for E-mailYou may remember Eric Hahn as Netscape’s CTO or as a member of Red Hat’s board of directors. Today, Hahn is chairman of his own startup, Proofpoint, which sells spam filtering solutions (infoworld.com/1220). Hahn thinks Proofpoint’s products are just the first instantiation of a much larger transition, in which e-mail becomes XML-encapsulated metadata. “Corporate mail processing isn’t about just spam and viruses,” Hahn says. “Most companies have a long list of things they want to see true about their mail. A corporation is going to need to do n things to each e-mail message, where n is greater than two. How are you going to do the next eight things?”Hahn says those eight things might include: acceptable use policies regulatory constraints on what can be e-mailed inside and outside the company support for potential litigation, either as plaintiff or defendant intellectual property concerns line-of-business systems integration issues, such as employees who reply to customers outside of the company’s CRM system. Does this mean your company will be reading my e-mail? “Not at all,” Hahn says. “When we’re trading patient records, or talking about a stock trade, we shouldn’t have to search the content. We should be able to annotate it,” using expandable, XML-driven solutions such as DRML (Data-entry and Report Markup Language). “We need to have an ingrained metadata structure beyond these silly X-headers.” From: Ray Ozzie Subject: Shift Your Paradigm Creator of Lotus Notes, the groupware used by 100 million people, Ray Ozzie has spent years studying how people use their inboxes. His current company, Groove Networks, produces software that allows people inside and outside an organization to share workspaces and files over a secure, peer-to-peer connection. But Ozzie is aware that Groove’s biggest competitor is e-mail. “For most users of the Internet,” he says, “e-mail is the preferred means of swapping information — whether text or files — because it’s easy to use and it usually works, even across firewalls.” Yet Ozzie feels e-mail has been pushed to the breaking point, past the limits of its original, intended purpose. “At a time when we are needing new methods to cope with information overload, the e-mail paradigm is showing its 30-year-old age,” he says, resulting in lower and lower productivity gains. “Not only are there the obvious issues of spam and viruses; it’s now quite common that large files and common file types such as .doc are not allowed to pass through firewalls because of aggressive IT bandwidth, storage, and e-mail-filtering policies.” Ozzie doesn’t claim Groove is the solution for all these issues. Rather, it’s one part of a strategy to move workplace activities out of, rather than into, e-mail. “Rather than trying to cram all sorts of new things into e-mail, we should listen to what’s actually happening at the leading edge of the market: Instant messaging is a tremendously useful paradigm that takes interpersonal communications in a new direction. Skype [which lets PC users make phone calls to each other over the Net] sits next to e-mail quite nicely, thank you. RSS readers and aggregators are showing us that there are better ways to do notifications and publish/subscribe than filling our inbox.” Groove, for its part, provides a security-wrapped workspace for collaboration and shared documents, rather than keeping them in e-mail folders. In short, Ozzie has no interest in re-inventing e-mail. “The question,” he says, “is: ‘What new and more appropriate paradigms will emerge to reflect the fact that, in this world of ubiquitous computing and communications, the nature of work is fundamentally changing?” From: Dave Winer Subject: RSS to the Rescue As one of the Net’s top bloggers and a leading contributor to the RSS standard for online content syndication, Dave Winer, chairman and founder of Userland, recently reinvented himself — as a Harvard fellow at the law school’s Berkman Center for Internet and Society. When it comes to rethinking e-mail, Winer’s goal is the same as Ray Ozzie’s but from the opposite direction. “You have to go up a few levels,” Winer says. “There are two sides to it: reading and writing. At the core, RSS is about publishing. It’s philosophically opposite to what Ray Ozzie does. Ray is about privacy [for shared files and work spaces]. The root word of publish is ‘public.’ “ But Winer agrees on the endgame: “E-mail is over as a publishing medium. You’re better off publishing a Weblog with RSS feeds people can subscribe to.” For one-way information flows, the protocol enables companies to set up archived, searchable feeds rather than leaving it to employees to fish old messages out of the inbox. “You can subscribe to things created by other workgroups or to the person who sends around e-mails with links to articles, saying ‘you gotta read this.’ What another division is doing, what your competition is doing — these are all information flows in a company that you can make into feeds, rather than mass e-mailings.” Having seen his own inbox get out of hand, one of Winer’s design goals was to keep RSS unspammable. He did that, he says, by making sure the system stayed opt-in at both ends. “Once someone sends you something you don’t want, you can vote them out with your cursor.” If you’ve ever tried to unsubscribe from a mailing list that just keeps coming, you know the problem. “There’s one RSS publication I subscribe to that had no ads in it when I started,” Winer says. “Then they began having one ad per day in the feed. Now practically every other message is an ad. I’ll be unsubscribing soon. One click and they’re gone.” From: Brewster Kahle Subject: Book ‘Em! Serial inventor and entrepreneur Kahle created one of the first Internet search engines, WAIS (wide area information server), and then built a system, Alexa, for tracking Net users’ behavior en masse and sorting Web sites automatically based on the traffic. Now, as head of the Internet Archive, he has embarked upon a quest to build the modern online equivalent of ancient Egypt’s library in Alexandria. Kahle thinks that people who abuse the basic openness of the Net should simply be busted. “Fraud strikes me as something that we should put people into jail for,” he says. “If someone sends you a letter saying, ‘Hi, I’m Bill Gates, and I want to sell you something,’ how would that be greeted? Right — as a crime! What are we missing here? What happens if we nail the top 100 spammers? Why haven’t we used normal law enforcement?” Yet Kahle thinks the current focus on anti-spam legislation is misdirected. “We don’t have to reinvent law. We might already have the pieces together that we need.” He cites the Digital Millennium Copyright Act (DMCA) as an example of legislative overreaction to new technology. Instead of passing sweeping new laws like the DMCA, Kahle says, “We can just apply normal law to this situation. Look at what happened with packaged software in the early ’80s. This was software that was valued at hundreds of dollars that was being copied for free. They tried copy protection. They tried to create all these technical fixes. It didn’t work. Instead, they fell back on the law. Now, people who steal expensive software go to jail.” How would that apply to spammers? For those who don’t use their real names and addresses, Kahle says, “You should be able to go to the FBI and say ‘Hey, I’m getting forged documents.’ Will this stop everything? No, but it would discourage people from using fake addresses. We just haven’t made it a priority to crack down on them.” Kahle’s different from most spam-bashers in that he thinks online advertising is just fine. “It’s always going to be a mini-industry to advertise to people on the Net,” he says. “And I don’t think we should make everything completely pristine, because a lot of good ideas come from the shadows. We just want to know when we’re dealing with the shadowy areas of the Net and when we’re not.” To that end, one of Kahle’s proposals would require e-mail senders to list the jurisdiction under which their messages are sent. “If you get something from the .uk domain, you’re pretty clear on the rules its sender operates under in England. But if the mail is from .to, you might not know, and you could be a lot more suspect about it. It’s the same reason ships fly flags of different countries.” Internet entrepreneurs tend to be leery of government involvement. Kahle, by contrast, is all for it, citing Ben Franklin’s 30-year role in shaping colonial American’s postal systems. “E-mail is as important now as the postal system was in the Revolutionary days,” Kahle says. “Why aren’t we taking it that seriously now?” Software Development