December 4th, 2005

Whoa!

Someone please point out the error of my ways

I've been thinking about email, and the ways that it's fucked, and possible solutions.  And sadly, I'm not a deep technical expert in the area, although I pay a fair bit of attention and I'm not completely ignorant, so I was hoping that someone would be able to point out the error of my ways...

Anyway, the major problem with email is that idiots can use it to send spam and viruses.  And you can't easily trace it to its source, because the protocols it uses to send email aren't even remotely secure.  You can, in fact, pretend to be President Bush, or God in the headers, and the receiving server will have no idea you're not telling the truth.

Now, one proposed solution is SPF, which checks a list for the domain of the supposed sender that specifies which domains are allowed to send email for it.  So, for instance, I could set SPF up so that ducker.org.uk mail is allowed to be sent from both *.ducker.org.uk and smtp.orange.net (my phone provider - who won't allow me to send email through my standard mail provider, and insist on taking care of it themselves).  The main problem with this, as far as I'm concerned, is that it means that hundreds of millions of not-terribly-technical people will have to set up quite arcane settings that may preclude them from sending email when they get them wrong.  Hardly ideal in anyone's books.

Now, the simple solution is to say that when it comes to sending email, mail from andrew@ducker.org.uk should only come from a mail server that's *something*.ducker.org.uk.  Anyone up to the take of setting up their own servers is perfectly capable of also setting up the names so that the mail server is in the same heirarchy as the hosts that email is sent for, after all.  And this is almost certainly fine for absolutely everyone who uses their server to send email.

And it provides total security, providing you use authenticated to make sure that only people who are allowed to use mail.ducker.org.uk can use it.  Which is, in fact the case - if you don't have a password, you can't use that server to send email.

The problem is for ordinary people, who _can't_ use their server to send email.  For people who are stuck sending email through their ISPs mail server, or through their mobile phone provider's email server, this is just going to leave them unable to send email at all.  They can still read email (no ISP, as far as I know, stops people _reading_ email from other servers), but they can't send it.

At which point it hit me - there's a perfectly good mail reading protocol called IMAP, which allows you to store your email on your server in a series of folders and read them remotely without permanently moving them from the server to your local PC.  It's a vast improvement over POP for general email reading, and having switched to it, I can't think of a single reason why anyone who ever reads their email from more than one place would use anything else. 

The important bit in that last paragraph is "series of folders"...  One of those folders tends to be "Sent Items" (or equivalent) and it occurred to me - why not have one of them be "Outbox"?  Add a 'special' folder, that would be monitored for emails being placed in it, and they would then be passed onto the correct outgoing mail server (and also to Sent Items, according to your preferences).  This addition would mean that the current method of sending email - SMTP - would be used _only_ for server to server communication, and IMAP+Outbox would be used for sending email from client to server.

Is there a massive flaw in my suggestion - other than it'll take a fair bit of time for any such thing to become standard?  Has it been suggested many times before?  Does anyone have any suggestions who would be a good person to tell me why it's a stupid idea?
calvin dancing

Gaming

Spent this afternoon playing Settlers of Catan on Neil's 3D board.  You can see pictures here of the board - it's very cool, although I wouldn't have spent the £275 it cost.  Still, when it's all hand painted and comes in a very nice chest, it's probably not actually that overpriced.