E-mail is a wonderful invention. I’ve been using it since 1987 or thereabouts, when one of my uncles gave me a 300 baud acoustic modem that I could plug into my Sinclair QL, and I discovered the local FidoNet node.
However, this wonderful innovation started becoming a burden about a decade ago — that’s when I started noticing the spam and virus problem anyway. Between spammers and scammers, it became all but unusable for a long time. Now it’s back to usable proportions, thanks to technological innovations, but the messages that still get through are the most carefully crafted ones, and the most dangerous. It doesn’t have to be this way though.
The problems with e-mail stem from two major sources, as I see it. The first is that it’s essentially the same as a postcard: you can’t safely use it to send any information that you want to keep private, because anyone between you and the receiver can read it’s contents. Don’t discuss your model-train crush fetish via e-mail if you want to keep it secret, because there are dozens of machines across the Internet whose owners and administrators (and any interested criminal hackers who’ve broken into them or stolen backup tapes of them) can read it for months on end. Can anyone say blackmail?
The second is that you have no assurances that the person you’re talking to is really who he claims to be — it’s trivial to spoof the from-address in a message. Spammers and scammers use this to their advantage daily: with the current setup, it’s impossible for the computer to reliably tell the difference between a message from your mother asking you to remind her of the combination to the lock on the back shed, and one from someone pretending to be her to steal things from that same shed. Or a message from your bank and one from a scammer trying to trick you into revealing your banking details so he can clean out your accounts.
Public-key encryption and authentication has been around for years. It’s freely available via the cross-platform GPG program, and can be used transparently by many e-mail clients (though Outlook Express, so far as I know, requires some manual steps). I’ve been using it for all of my business e-mail for several years, and all of my personal e-mail with people that I can convince to use it.
The advantages are easy to explain: the message is encrypted, changing that postcard into a sealed and couriered letter, signature required for delivery. And when someone sends a message to you, you know for certain whether it’s someone that you’ve communicated with before or not, because no one can fake a digital signature without both the person’s private key file and the password that they put on it.
It doesn’t solve every problem, but it’ll deal with most of them. Start using GPG, and demand that anyone who wants to e-mail you use it as well (enforced by having your e-mail program automatically delete messages that aren’t encrypted). Most spam, scams, and other annoyances will immediately cease; any that remain would have to be deliberately and specifically targeted to you, and would require a lot more knowledge and CPU power to pull off. It’s a Draconian solution — but it is a solution.
Just my two cents’ worth.