 |
|
E-Mail
|
 |
|
Challenges
Spamming and computer viruses
The usefulness of e-mail is being threatened by three phenomena: spamming, phishing and e-mail worms. Spamming is unsolicited commercial e-mail. Because of the very low cost of sending e-mail, spammers can send hundreds of millions of e-mail messages each day over an inexpensive Internet connection. Hundreds of active spammers sending this volume of mail results in information overload for many computer users who receive tens or even hundreds of junk messages each day.
E-mail worms use e-mail as a way of replicating themselves into vulnerable computers. Although the first e-mail worm affected UNIX computers, the problem is most common today on the more popular Microsoft Windows operating system. The combination of spam and worm programs results in users receiving a constant drizzle of junk e-mail, which reduces the usefulness of e-mail as a practical tool.
A number of anti-spam techniques mitigate the impact of spam. In the United States, U.S. Congress has also passed a law, the Can Spam Act of 2003, attempting to regulate such e-mail. Australia also has very strict spam laws restricting the sending of spam from an Australian ISP, but its impact has been minimal since most spam comes from regimes that seem reluctant to regulate the sending of spam.
Privacy concerns
E-mail privacy, without some security precautions, can be compromised because:
- e-mail messages are generally not encrypted;
- e-mail messages have to go through intermediate computers before reaching their destination, meaning it is relatively easy for others to intercept and read messages;
- many Internet Service Providers (ISP) store copies of your e-mail messages on their mail servers before they are delivered. The backups of these can remain up to several months on their server, even if you delete them in your mailbox;
- the Received: headers and other information in the e-mail can often identify the sender, preventing anonymous communication.
There are cryptography applications that can serve as a remedy to one or more of the above. For example, Virtual Private Networks or the Tor anonymity network can be used to encrypt traffic from the user machine to a safer network while GPG, PGP or S/MIME can be used for end-to-end message encryption, and SMTP STARTTLS or SMTP over Transport Layer Security/Secure Sockets Layer can be used to encrypt communications for a single mail hop between the SMTP client and the SMTP server.
Additionally, many mail user agents do not protect logins and passwords, making them easy to intercept by an attacker. Encrypted authentication schemes such as SASL prevent this. Finally, attached files share many of the same hazards as those found in peer-to-peer filesharing. Attached files may contain trojans or viruses.
Tracking of sent mail
E-mail traditionally provides no mechanism for tracking a sent message. The system(s) involved will generally make an effort to either deliver mail or return a failure notice ("bounce message"), but there is no guarantee that a message will actually be delivered, let alone read by the recipient. This is in contrast to the postal mail system, which offers registered mail or other forms of tracking and tracing.
To remedy this, mechanisms like Delivery Status Notifications (DSN) and return receipts were introduced.
|
|
|
