As you may have noticed, I’ve been ruminating a lot about communications recently, specifically messaging and email. I’m not done.
Messaging and email are the most ubiquitous methods of personal communication that humans use today. We send more text messages, instant messages, and emails than we make phone calls. Many of us use these systems more often than we speak face-to-face with our friends and family. And we do so despite the fact that each is fairly broken in its own way, though SMS is probably the most robust of all the methods.
In fact, SMS is now possibly the most reliable way to send small messages to another person -- assuming, of course, the person has a mobile phone. Messaging through one or more of the cornucopia of popular apps can easily result in unread notices if the recipient doesn’t have the app installed and running. Sending an email should work, unless it gets trapped in a spam filter or another all-too-common pitfall on the way to the recipient, but text messages generally get to their destination unimpeded.
Except when they don’t. I was recently in Norway, where I discovered my phone would work with data services from Telenor, and I could make outbound calls and send texts, but incoming calls and texts simply didn’t reach me. When I landed in London a few days later, I received all 42 text messages and voicemail notifications I had missed. Technically, SMS succeeded in delivering the message, but a bit late.
In any event, it’s 2016 and we still don’t have personal digital communications quite figured out. But in terms of this discussion, it’s important to separate messaging and email. They have a few traits in common, but they are used for different purposes and perform complementary functions.
We occasionally hear that the younger generation “doesn’t do email,” which may be true for certain types of interactions such as bantering with their friends, but they absolutely “do email” for many other tasks -- signing up for Internet services, receiving bank statements, sending and receiving documents, and certainly at work, communicating with clients and colleagues.
Email leaves a digital paper trail, gets indexed for searching, and provides an avenue for sending certain types of information that don’t fit the form or function of messaging or other communication mediums. It always has, and it always will. Email is here to stay, but it definitely needs rehabilitation.
The problems with email aren’t purely technical. They’re mostly due to the human condition -- namely, a bunch of knuckle-dragging troglodytes who continue to pee in the collective Internet swimming pool. These are the troglodytes who blast spam from the dark corners of the Internet, consuming vast resources at the receiving ends that mostly succeed at filtering the junk but sometimes produce the false positives that result in lost email. A bit further down that pit of evil are those who try to use email for phishing scams and malware distribution. They also consume vast resources and can ruin your day if they succeed.
Thus, the task of running an email server is not for the meek -- you need serious chops and/or good software to ensure the safety of your mailbox while still maintaining the flow of desirable communication. Running an email server requires consistent tweaking and maintenance; thus, many companies are more than happy to offload the responsibility to others. While this has benefits, it’s also problematic, because those companies can throw around their collective weight and undermine the advantages of email as an open platform.
This double-edged sword might be useful, however, if wielded properly. At some point we must push the evolution of email forward, and it would seem that stricter enforcement of more modern standards is the way to achieve those goals. That enforcement might be more effective concentrated in the hands of a few.
Simply put, the larger email providers in the world may need to begin refusing to send and receive email from servers that do not use SSL/TLS with valid certificates or do not have valid SPF records or reverse DNS -- and that’s only the start. Some providers do one or two of these now, while others at least apply more scrutiny to inbound email that comes from servers without valid SPF records or reverse DNS. But it’s not common practice to outright refuse email that doesn’t meet all three criteria.
Frankly, if a smaller provider tried to do this, all that would happen is its users would start losing mail at a significant rate. Nobody else would really care.
If we want to protect email for the future, we need to invoke a sea change. We need to pay the price for the years of profligate and sloppily configured email servers running all over the world. We need to rip off the bandage and attempt to bring back email, to re-establish email as a secure and reliable communications method.
This means causing millions of email servers to stop communicating with the largest email providers until they are fixed or replaced and brought up to spec. No matter how well publicized the effort might be, enforcing stricter standards will cause mayhem, loud complaints, and lost email. But if you need to make a huge change, sometimes it’s best to do it all at once.
The day that Gmail, Yahoo, Microsoft, and Apple’s MX servers stop listening on TCP/25 (the unencrypted SMTP port) will be that day. It’s not elegant, but when dealing with a 40-year-old system that has grown organically throughout the petri dish of Internet expansion, it may be the only option.