On Mon, May 07, 2007 at 12:36:05PM -0700, Esther Schindler wrote:
> One of the key points that came up when I researched and wrote the
> "Five Things CIOs Should Know about Fighting Spam" article (http://
> www.cio.com/article/28830) was that they should know the basics of
> how email works. Otherwise, said plenty of techies, the CIO won't
> have the first idea of what the email admin is complaining about.
I'll give you a "single most annoying thing to do to your website": Show
a (slow) flash ad on _every_page_load_ that has to be clicked away. WTH?
Anyway.
> So I'm going to do my part. I'm going to write an "ABCs of Email"
> article (to accompany the many other ABCs articles we have on
> CIO.com, at http://www.cio.com/article/40242 ). I'd like your input
> on the topics that should be included, keeping in mind the fact that
> the target reader is a CIO, IT manager, or someone who wants to
> understand the basics, *not* actively get involved in email management.
>
> You don't need to write an essay for me or inundate me with links
> (though hey, if you want to make my life easier I shall not
> complain). What I'm looking for, primarily, are the categories of
> information that I should cover. In other words, if your CIO had an
> email ephiphany and asked you to give a half-hour presentation, what
> would you include?
That sending email is not authenticated. I can send an email that says
it came from "billgates@???" (or "et@mars", for that matter),
and an SMTP server who implements the RFC to the letter (even if almost
none do in these days of spam) will just believe it and accept the mail.
Impersonating a person through an email is therefore very, very easy.
Today some mechanisms have been implemented to work around that issue,
such as SPF, but those are of debatable quality and reliability, and
only work if the receiving mailserver actually implements it, which not
all of them do.
--
Shaw's Principle:
Build a system that even a fool can use, and only a fool will
want to use it.