>I would say by extrapolating the problem of spam and snooping that the
>next level of email software needs to concentrate on the following:
>
>1. routine and transparent encryption.
OK, but the Feds are really going to hate that.
>2. making spam no longer economic. Blocking all spam is, even in
>theory, impossible. I sometimes read a message and am ambivalent
>myself about whether I wanted to read or receive it. The key is to
>provide efficient, transparent spam solutions. They can be layered to
>filter higher and higher percentages of mail depending on how big your
>spam problem is.
One way of making spam non-economic would be making it difficult to
use throw-away identities. If I block by someone's identity, it
stays blocked.
>3. prevent phishing. When PayPal sends you an email, you want to know
>for sure it really is from PayPal. This means corporate users at
>least will all have digital ids, and all emails will be digitally
>signed.
I'm assuming that email is supposed to be useful and usable for
*SAFELY* conducting a conversation (or negotiations) with someone
out to kill you or steal from you. (Consider union vs. management,
any husband vs. his ex-wife, the IRS vs. everyone, whistleblower
vs. employer, etc.)
>4. status tracking. Unless blocked by the receiver, the sender knows
>if his message has been receiveived/read.
I consider this an unacceptable risk to the receiver, unless the
acknowledgement is manually initiated. It also risks a lot of
confusion regarding what constitutes "read", especially if the user
saved it into a file without displaying it.
I'm assuming here that there are some people (e.g. George W. Bush) who
will attempt to try to turn an IP address into a geographic location
and launch missiles at it when he finds out Osama Bin Laden read his
email. At least when Osama *sends* email, he can click the send
button and run like hell.
>5. making it impossible for any incoming email to mount any sort of
>attack. the only parts the email software processes are the data
>parts. Any enclosed programs must be explicitly installed. The email
>software would warn if any code were not digitally signed with proper
>certificate to identify the author.
In HTML, that means NO links, NO Javascript, NO forms, and NO references
to other files. Reading your email should not generate hits on
anything specified by the sender.
Gordon L. Burditt
--
http://mail.python.org/mailman/listinfo/python-list
