[FoRK] At what point is email officially broken?

Jim Whitehead <ejw at soe.ucsc.edu> on Thu Dec 7 09:42:50 PST 2006

> Why, yes, I got that the first time.  What specifically needs fixing?

This is trolling for a specific technical recommendation. I don't  
want to go down that particular path.

I want to focus on my main point, which is that the current email
infrastructure is broken in the sense that it permits excessively
large amounts of spam. Once there is agreement that the current  
infrastructure is broken, then we can begin to examine the design  
space of possible solutions.

Yes, I did read the document you referenced
(http://www.craphound.com/spamsolutions.txt). One can view it as an
attempt to defend the
existing infrastructure by pointing out problems in the suggested  
fixes. It doesn't work: even after all of the half-baked solutions  
have been (rightfully) dismissed, the spam problem is still with us,  
and email is still slowly dying.

This is why I'm avoiding giving a technical "fix". Once I do this,  
you'll point out the N objections to that fix from the  
spamsolutions.txt post, and thereby dismiss the main point, claiming  
that since there is no good fix, the email system therefore must not  
be broken. However, it's entirely possible for the email system to be  
broken, even if there is no known (at present) fix.

A more productive way to view
(http://www.craphound.com/spamsolutions.txt) is as a series of goals
for a new email
infrastructure (avoid these known pitfalls). It will not be possible  
to avoid all of the pitfalls identified. Like any design process,  
there will be tradeoffs.

>> Eliminating all security holes in software the size of current
>> applications is, as far as I know, beyond the current state of the
>> art in software engineering.
>
> Correct.  So what's your point?   I guess I was mistaken in assuming
> that you were already aware that Windows has so many holes, an unpatched
> machine will likely be compromised in less time than it takes to
> download the patches.

My point is that eliminating Windows and Outlook would mean that  
security attacks would start focusing on whatever became the existing  
dominant platform. Since it is beyond the state of the art to make  
software completely secure at present, this means that *whatever* the  
dominant platform may be, it will be susceptible to security attacks.  
Mac OS X has been lucky so far.

- Jim
