
Mail menopause

The rise of spam, and viruses such as the SoBig worm, threaten e-mail's future, says Charles Arthur. Is Microsoft to blame?

Wednesday 27 August 2003 00:00 BST

"Is e-mail broken?" That was the intriguing question, tinged with a little woe, posed by the well-known blogger and software author Dave Winer at his weblog at scripting.com last week. For those struggling to cope with hundreds or even thousands of e-mails that were sent either by the SoBig-F virus, or sent wrongly to them by automated virus detection systems (because SoBig fakes the "From:" of its e-mails), the answer probably felt like "yes".

Matt Sergeant, a senior technologist at the mail-filtering company MessageLabs, said: "On my home e-mail I've got some good antivirus filters but even so I had more than 1,000 notification e-mails from postmasters wrongly saying I'd sent them the SoBig virus. Normally I get 10 real e-mails a day - plus about 200 or 300 spams."

With the blizzard of viruses and worms in the past two weeks, allied to the growing volume of spam (estimated by Steve Linford of the anti-spam outfit Spamhaus to now make up 60 per cent of all e-mail), perhaps it is time to take e-mail's pulse, and ask: "Is e-mail dead?"

Certainly, for people such as Winer (who watched the number of messages in his inbox mount from 650 to 2,000 to forget about it in the course of a few hours) the answer was definitely in the affirmative. The situation, he wrote, has finally become "completely intolerable. Before this it was a total mess. Now it just doesn't work."

While he went and searched for alternatives, the search for a culprit began. Some concentrated on the writer of the SoBig virus, believed to be a skilled programmer paid by American spammers, who want to create a network of machines that they can control to send yet more spam. The trouble is that the writer remains elusive. Others suggested that the fault lay closer to computer users: with Outlook Express, the most commonly-used e-mail client, and Microsoft's early design decisions with it.

There are certainly hundreds of millions of copies of Outlook Express in use today; the program first appeared in the Nineties. But as Keith Moore from the University of Tennessee's computing department noted, a lot of today's troubles stem from the decisions that Microsoft made in designing OE (as it's usually known) and its successors. The problem: although the recommendations for the way mail programs receive attachments over the net said that "severe security problems could result" from allowing the mail program to run programs (which is what happens when you double-click on an attachment), Microsoft ignored the advice. Hence, when you click on a virus-infected attachment, Windows runs it, and you get infected.

"Microsoft mail readers have for many years ignored the warnings and implemented almost exactly the behaviour that was recommended against," Moore noted on Dave Farber's "Interesting People" mailing list. Worse, the first versions let almost anything run. "Other mail application vendors were forced to mimic that behaviour for the sake of compatibility with Microsoft mail clients... given that Microsoft ignored clear and repeated indications of vulnerability as well as recommendations for countermeasures, it's hard to imagine that they are not significantly culpable for creating the breeding pool for viruses," he added.

So with the guilty party apparently in the dock, what's next for Microsoft, and for Outlook Express - which, until the latest round of the SoBig worm, was always the only way that such e-mail viruses could spread? (SoBig-F, seen last week, was the first that could infect machines - though again only those running Windows - through any mail program, including Netscape, Eudora or Pegasus.)

Though the answer has been buried amid all the news about the viruses and worms themselves, it seems that Microsoft has decided that it doesn't want much more to do with Outlook Express. Two weeks ago a story appeared on ZDNet Australia saying that Microsoft had decided to kill off OE. That was quickly denied - or not exactly denied. Instead, what the source at Microsoft's "information worker product management group" said was "Microsoft will continue its innovation around the e-mail experience in Windows".

Interesting word, that - "around". Note that it was not "of". The point is, as The Register site noted, that Microsoft has built Windows around the browsing experience of Internet Explorer, not the e-mail experience of Outlook Express. There's really no incentive, now that Netscape has long since been beaten into the ground, for Microsoft to see off anyone in what one could call the "traditional" internet sector - e-mail, browsing, FTP. That war is over. The fights are being fought over new areas, on which Microsoft is focusing heavily. But e-mail isn't one of them, and so you shouldn't expect any dramatic - or even slight - improvements to Outlook Express in the future.

Microsoft doesn't have any reason to improve it. While Apple struggles with a tiny market share, it has won acclaim from users for the "junk mail" filter on its Mail program, which comes with its machines: this uses smart filters to detect junk. Apple has an incentive to improve Mail, because that might attract more users. Similarly, Qualcomm, owner of the Eudora program (www.eudora.com), is now testing a junk-mail detector for Eudora 6. Microsoft has no incentive to write a more advanced version of a free mail program that most people won't upgrade to.

Winer and other blogging colleagues such as Adam Curry believe that the way forward - at least for them - is to use features such as RSS (used to publish simplified versions of websites over the Net), linked to encryption to allow groups of people to send each other "e-mail" in the form of RSS quotations. But RSS is hardly simple. Which leads everyone back to e-mail, which is still broken for many people in the US (though the deluge has lessened). Potential solutions abound: demand that e-mail must be encrypted; demand that senders of e-mail must be authenticated by servers; demand that anyone sending you e-mail either be on your address list or click a human-readable form first.

The simplest solution for the average user is to avoid Outlook Express, which is the target of so many viruses. Spend some money - the price of a few coffees, perhaps - on buying a commercial e-mail program, and you should avoid the majority of those problems. And all those companies will be delighted to help you import your filters and e-mail from Outlook Express.

But that doesn't fix the larger, global problem. The reality is that in asking how we can fix e-mail - when it was so thoroughly broken by Microsoft's earliest design decisions - we're asking the same question as the tourists who found themselves hopelessly lost on a remote country road, and stopped a passing local to ask how to get to their destination. "Ah," he said. "Well, I wouldn't start from here."

network@independent.co.uk
