Email in today’s world is a catastrophe that no one is willing to confront. It is time to start telling the truth about email and the underlying protocol of SMTP.
Let’s start by examining how broken email truly is. Barracuda Central, part of Barracuda Networks, charts the activity from “50,000 Barracuda Networks products in more than 80 countries and 17 languages”. The site reveals some amazing statistics. For example, on Tuesday, July 8, 2008, from 0500 – 0559 (GMT) there was a total of 76.4 million emails received; of which only 3.24 million were allowed. That is an astounding 95.75% of all email during this 60 minute period was bad mail. A quick glance at the hourly stats for the whole day and the bad mail average hovers around 92% – 93%. What technology in the world would we consider implementing that has an abuse rate of 90%+? None other but email.
SMTP a brief history
How did we end up with such a terrible state of Email? Email is routed and delivered based on a protocol called SMTP (Simple Mail Transfer Protocol). When SMTP was created in the early 1980s it was a wonderful platform for delivering messages but it relied on the atmosphere of the internet during that time. First, you must consider that the internet was populated mostly by military installations, corporate research entities, and universities and it was still small enough you could readily identify any node. This small population and easy identification created an inherent trust of other hosts on the network. Secondly, internet connections were very slow and many times unreliable so any communication means had to be robust and focus on reliable delivery. When Jonathan Postel wrote the RFC on SMTP in 1982 he designed it within this environment of trust and used a mechanism generally referred to as best effort delivery to overcome connection issues. SMTP quickly garnered wide spread adoption. Email had been created.
The mail must get through
Most anyone can tell you that the USPS motto is “Neither rain, nor snow, nor sleet, nor hail shall keep the postmen from their appointed rounds”. (In actuality it isn’t their official motto but we make the association anyways). We know that no matter what the Postman will do whatever they can to deliver our mail. This idea of the importance of delivery is ingrained in our very culture and the mindset has shaped our view concerning electronic mail as well. In the past it was common for server admins to configure their servers to be “open relays”. These open relays would send and receive mail regardless of the sender or recipient. It was a good faith gesture to help deliver the mail. Deliver at all costs.
Processed Meat
The very trust and reliable delivery of the SMTP protocol as well as the culture of “deliver at all costs” created a system ripe for abuse. Since the introduction of large scale Spam in the 1990′s we have spent millions of dollars and worked untold man hours trying to retrofit SMTP with security. We have had limited success but we are trying to pretend that a 1982 protocol is the right method for our modern electronic messaging. It isn’t. SMTP should be replaced.
Many will argue that there is not migration path to replace SMTP because it is too widely deployed and they might be correct but I somehow think that the primary obstacle to replacing SMTP is the countless vendors who have built an industry around insecure email. They aren’t interested in fixing the problem they just want to help us live with it. Interestingly enough they have created as many headaches as they have solved. If you’ve ever been erroneously blacklisted you now how troublesome these protection systems can be. More money and more addons yet it feels like we are still spinning our wheels.
SMTP will probably be around in 2082 and admins will be fighting many of the same battles.
Related posts:
{ 3 comments }
Methinks you may be on to something there, Tsu… Let me tell you after we started moving e-mail domains about 3 weeks ago, my world has been wrought with questions of DNS and SMTP related questions… You know you have been thinking about MX and PTR records to long when you begin to frame ideas as to whether it has a reverse lookup option… Ugh… Don’t get me started on the gauntlet an e-mail administrator must go through these days. I mostly feel sorry for those folks who thing e-mail just magically appears – like Santa Claus or the stork, right?
Methinks you may be on to something there, Tsu… Let me tell you after we started moving e-mail domains about 3 weeks ago, my world has been wrought with questions of DNS and SMTP related questions… You know you have been thinking about MX and PTR records to long when you begin to frame ideas as to whether it has a reverse lookup option… Ugh… Don't get me started on the gauntlet an e-mail administrator must go through these days. I mostly feel sorry for those folks who thing e-mail just magically appears – like Santa Claus or the stork, right?
Methinks you may be on to something there, Tsu… Let me tell you after we started moving e-mail domains about 3 weeks ago, my world has been wrought with questions of DNS and SMTP related questions… You know you have been thinking about MX and PTR records to long when you begin to frame ideas as to whether it has a reverse lookup option… Ugh… Don't get me started on the gauntlet an e-mail administrator must go through these days. I mostly feel sorry for those folks who thing e-mail just magically appears – like Santa Claus or the stork, right?
Comments on this entry are closed.