Perhaps email is broken after all

It has long been popular in anti-spam circles to make bold claims about email being horribly broken. After all, with at times up to 90 per cent of all email traffic being spam – a lot of it carrying malicious payloads – how can there not be something fundamentally wrong with it?

I have always maintained that this is a flawed argument. Spam, or the sending of unsolicited bulk email, is an explicit feature of email – combining the ability of computers to do many things in a very short period of time, with the allowance we see in the regular postal system for the sending of unsolicited mail. Spam is a feature of email, rather than a bug.

Even if spam were to become so out of hand that we needed to replace the email protocol, its replacement shouldn’t just generate less spam than we are dealing with now. Rather, it should reduce the amount of spam that users actually receive – which, thanks to today’s spam filters, remains relatively low. That’s a huge threshold.

But recently there have been a couple of incidents that have left me wondering if email does need to be fixed after all.

First to make me think again about the state of email were the much-discussed revelations surrounding the NSA. We now know that agencies like the NSA in the US and GCHQ in the UK tap all the Internet traffic that passes through their respective countries. The cunning ways in which they break or backdoor cryptography have been well documented – but for most email, neither cunning nor cheating is required: the messages are sent over the wires in plain text.

Of course, we didn’t need Edward Snowden to point this out, and anyone who believed that secret agencies (and not just the NSA and GCHQ) wouldn’t tap the cables they had access to, was rather naïve. But Snowden’s revelations did act as a wake-up call for the email community.

If anyone were to invent SMTP today and decide it was a good idea for messages to be sent in plain text, they would receive short shrift from the Bruce Schneiers and Matthew Greens of this world. And rightly so.

Of course, encrypting the email when it is in transit would still leave opportunities for powerful entities to read the unencrypted messages. For those messages where secrecy is important, end-to-end encryption mechanisms such as PGP should be used. And for those messages where secrecy is of vital importance, and where metadata should remain secret, email might not be the right protocol at all.

The second event that led me to wonder whether email is broken was the recent DNS hijack suffered by some prominent security companies. The hijack resulted in the companies’ websites appearing to have been hacked – but in some cases it also resulted in the companies’ emails being redirected to a different server.

There is nothing in standard SMTP to prevent emails being sent to the hackers who have taken control of the DNS. Worse, email authentication systems such as DKIM and SPF ‘helpfully’ provide mechanisms that would have allowed the hackers to send emails on the companies’ behalf and which would have been accepted by a lot of spam filters as legitimate traffic. We should be grateful that in this case the hackers chose to focus their attention on the companies’ websites rather than starting what could have been a damaging phishing campaign.

The two turns of event mentioned here highlight the fact that the email community needs to prioritize its efforts to make sure that SMTP transactions that are sent over the public Internet are both encrypted and authenticated. This shouldn’t be presented as a way to make email more secure – it won’t stop the most powerful attackers from reading our emails. However, it would enable email to meet what should be one of our basic expectations of a digital mail service.

We’ve been doing rather well in our fight against spam. Now let’s tackle this issue too.

Latest articles:

Bulletin Archive