The Future of E-mail

Computerworld - Your company scans incoming e-mail for viruses and outgoing messages for confidential information. Your spam filter snags most of the garbage, and it gets better as it learns the latest spamming and phishing spoofs. You're encrypting sensitive e-mail now, and you recently completed a project that keeps your messages safely archived in case federal regulators come knocking.

Indeed, with the right technology, the right policies and a little slice of your budget, you can pretty much manage the messaging madness. And new technology likely to emerge from the labs in the next year or two will help bring a little more civilization to the world of e-mail, ensuring its continued place among the most popular and important of all corporate applications.

The future of e-mail E-mail authentication: The choices Q&A: The morphing of e-mail The future of electronic communications: Alternate realities Internet e-mail: Could we start over? E-mail overload: How the pros handle it

While today's efforts to improve e-mail are aimed mostly at curing its ills, research in vendor and university labs points to brave new uses for the humble e-mail message, from knowledge mining to workflow enhancement. Interviews with researchers, futurists and IT managers yielded the following conclusions about the future of e-mail.

1. New technologies, plus economic and political pressures, will eventually tame the malware.

Ray Tomlinson, a principal engineer at BBN Technologies in Cambridge, Mass., calls the struggle against spam, phishing and malware "pretty much a draw" at present. He has a good deal of perspective on these issues, having sent the world's first network e-mail message in 1971.

Tomlinson points with hope, but some exasperation, to alternate -- some would say competing -- proposals for stemming the tide of offensive, malicious and deceptive e-mail.

"It's not so much a hard technical problem; it's a hard business and political problem," Tomlinson says. "The players have vested interests in the various approaches, and they are fighting tooth and nail to get their approaches adopted. It's not the end users who are the bottleneck here."

Microsoft Corp. is pushing its Sender ID Framework, which verifies that a message was actually sent from a server authorized to send mail for the domain owner. John Scarrow, Microsoft's general manager of antispam and antiphishing strategy, says Sender ID has been adopted by 73% of Fortune 100 companies and is used for 31% of all e-mail messages.

An experimental system at HP Labs shows actual e-mail paths (the gray lines) overlaid on the lab's formal organizational structure (the black lines).

More good news, Scarrow says, is that while IM and other modes of electronic communication also need to be protected, the technology for doing so is similar to that for e-mail.

Meanwhile, Yahoo Inc. and Cisco Systems Inc. last year submitted to the Internet Engineering Task Force a proposed standard called DomainKeys Identified Mail (DKIM), which, like Sender ID, is designed to guard against spoofing and phishing by authenticating an e-mail sender. DKIM verifies the domain of the sender and also cryptographically verifies the integrity of the message.

In addition to Sender ID, Microsoft has the SmartScreen filter, which uses statistical techniques to learn what's spam and what isn't, and the Phishing Filter add-in for the MSN Search Toolbar. But those tools are not enough, say the folks at Microsoft Research, where some 40 people work on new e-mail technology.

For example, researcher Joshua Goodman says the ultimate solution could be a four-pronged defense against spam called SmartProof. Here's how an experimental version of it works:

• First, a machine-learning filter, similar to SmartScreen, snags the obvious spam and quarantines it or throws it away. The filter passes on to the user's in-box any message that is from someone on the user's "whitelist."
• Messages suspected of being spam trigger replies to the senders, challenging them to prove they're not spammers.
• Senders may respond to the challenge by solving some kind of a puzzle -- one that's easy for a human but hard for an automatic spam generator.
• Alternately, senders can ensure the delivery of their messages by making credit card-based "micropayments." The payments may go to the recipient, the Internet service provider or a charity, or they can be refunded to the sender if the message turns out not to be spam.