Email - PowerPoint PPT Presentation

1 / 14
About This Presentation
Title:

Email

Description:

First came anti-virus, content filtering, and anti-spam basics on a site-wide level ... Security (and privacy) of information is a major challenge ... – PowerPoint PPT presentation

Number of Views:56
Avg rating:3.0/5.0
Slides: 15
Provided by: erica3
Category:

less

Transcript and Presenter's Notes

Title: Email


1
Email Then, Now, and Later
  • Eric Allman
  • Thom OConnor
  • Sendmail, Inc.

2
A (Very) Brief History of Email
  • Email springs from the ArpaNET as an afterthought
    special form of file transfer
  • Slow networks, low volume, limited audience
    (academic and research)
  • Quickly became a killer app
  • 1984 Internet appears, still limited audience
  • April 30, 1995 The rules change Internet is
    privatized net becomes available to anyone with
    money for any purpose
  • Some privately held backbones prior to this, but
    limited commercial use because of government
    rules
  • Email becomes a critical part of the business
    infrastructure

3
Where Are We Right Now?
  • Good (but could be better) timely, anywhere
    access, reasonable marginal cost, ability to file
    and store, searchable (sort of), can auto-handle,
    elements of privacy and reliability
  • Not so good spam and viruses are here to stay
  • When theres money to be made, people will figure
    out how to make money
  • Think of spam as roaches you can keep them under
    control but not eliminate them (Dave Crocker)
  • Commercial entities want to use email to supplant
    physical mail bills, statements, ads, trade
    acknowledgements, etc.
  • Traffic load keeps going up this isnt going to
    change even when we fix the spam problem

4
Pressures Placed on Email Today
  • Summary better control and access, more secure,
    reliable, and flexible
  • Message filtering and filing capabilities on the
    server brought down to the end-user level (better
    control)
  • Integration of wireless access with traditional
    methods of access (better access)
  • Synchronization of data regardless of access
    method (more flexible)
  • Message validity and classification (more secure,
    more reliable)

5
Better Control
  • Message filtering and filing capabilities
  • First came anti-virus, content filtering, and
    anti-spam basics on a site-wide level
  • Soon after, it was Classes of Service, with
    different groups of users with different needs
  • Now its complete per-user control
  • SIEVE filtering and fileinto (RFC 3028)
  • SMS notification and forwarding
  • User-based classifications of what is valid and
    not valid (spam) email
  • Need to push per-user controls out to the
    perimeter

6
Better Access
  • Everything going wireless and everyone going
    mobile (obvious)
  • Security (and privacy) of information is a major
    challenge
  • The basic protocols exist to provide the access,
    but not easily assembled HTTP/HTTPS,
    IMAP/IMAPS, WAP, iMODE, RSS, WebDAV, and a mix of
    proprietary protocols (e.g., Blackberry)
  • Users want all functions on all devices

7
More Secure
  • Everyone talks the security talk, but not enough
    walk the security walk
  • Some ISPs block or redirect outgoing port 25
  • Challenges interoperability (PKI, certificate
    management), MUA (client) implementation
    differences, ease of use, corporate enforcement
    policy
  • Being driven by legal and policy issues
  • SEC, HIPPA, Sarbanes-Oxley
  • Continued slow growth of STARTTLS and SMTPS,
    IMAPS, POPS, Public Key encryption (PGP
    S/MIME), HTTPS
  • Still need a trigger to kick-start wider usage of
    encryption in email

8
More Reliable
  • The clear need for authentication
  • Sender domain authentication is the necessary
    precursor to the next big thing in email
  • Authentication introduces accountability, message
    identification, and prioritization
  • Service providers will need to have their users
    authenticate before submitting mail (RFC 2476)
    transitive accountability
  • The best authentication is one based on proven
    security techniques such as SMTP AUTH (RFC 2554)

9
What You Should Think AboutWhen Designing an
Email System Today
  • Scaling for the present and the future
  • Regulatory compliance
  • Reliability appropriate for your needs
  • E.g., redundancy if necessary (but expensive)
  • Resilience against Denial of Service attacks
  • Flexibility to do what you need
  • Dont get caught up in a single litmus test
  • People are more expensive than silicon move work
    from people to computers wherever possible

10
Predictions about the Future (23 years)
  • Obvious
  • Volume will continue to go up for quite some time
  • Spam will be better addressed, albeit not fixed
  • Companies will separate their mail based on class
    and outsource a lot of it
  • Bill presentment, advertisements, newsletters,
    etc.
  • Personal exchange with customers, partners, and
    colleagues will be treated separately and
    differently
  • Legal landscape will change e-information will
    be held to stricter standards than paper
  • Mail will move toward IM but not fully merge
  • SMTP will morph, but there will be no serious
    contender for replacement

11
Spam Predictions (Next 23 Years)
  • ePostage wont succeed for several years
  • User resistance
  • Vendor bickering
  • Pragmatic problems
  • Authentication techniques will help dramatically,
    but will not solve the problem by themselves
  • Fraud will be directly addressed and reduced
  • Spammers will adapt to the extent they can, but
    they will be more exposed
  • Accreditation/Reputation systems will gain a
    foothold, but not globally value will be
    debatable
  • Most pure content-filtering techniques will
    stumble because they just cant keep up

12
Problems Without (Current) Solutions
  • Enforcing encryption by the message recipient (I
    dont want to accept unencrypted mail from
    Travelocity)
  • Automated outgoing encryption (per domain and/or
    per recipient) available on a limited basis
  • Better PKI DNS use for key distribution may not
    scale well, especially to larger keys
  • MUA support for new functionality e.g., display
    authentication status Microsoft is doing some

13
Conclusions
  • Email is not dead, far from it expect more, much
    more but dont ignore serious challenges
  • SMTP is not dead, but it will change to meet the
    demands (e.g., SUBMITTER extension)
  • Authentication will be a major and important
    change, but wont immediately do as much as we
    would like
  • Spam will be dealt with, albeit not without cost
    to both legitimate senders and receivers
  • Dealt with doesnt mean annihilation, just
    reducing it to a dull roar

14
Questions?
Write a Comment
User Comments (0)
About PowerShow.com