************************************* * * * DB/C Newsletter * * February 2007 * * * ************************************* News and Comments We continue to add features during the development of DB/C DX 15. When we're finished adding these new features, we'll publish an article here describing the new features. Thanks to all of you who've volunteered to help with the testing of DB/C DX 15. We will be starting that process soon. This month's newsletter article is about a topic that I believe is very important - the growing dislike of email. Junk email - whether commercial, malicious or just ridiculous - is a major problem. At DB/C Software, we do not use an email server-based junk email filter. Instead, filtering of junk email is done by our desktop software after receipt of email. The performance of this software is acceptable, but it just masks a very significant problem - the growing distrust and disuse of email. For the last few weeks, the number of unwanted emails sent to us at DB/C Software Company has averaged about 1000 junk messages per user per day, with maybe 20 junk messages per user per day getting by the filters, and maybe 50 legitimate emails per user per day. That's our experience. This month's article is about possible solutions for this important issue. don.wills@dbcsoftware.com ****************************************************************************** Is Email Broken? Three years ago at the World Economic Forum in Davos, Switzerland, Bill Gates is quoted as having said "Two years from now, spam will be solved". The reality is that spam has gotten worse, not better, in the last three years. It's a fact that more than 90% of email being sent on the Internet today is spam - unwanted commercial emails mixed with attempts to steal information along with lots of plain junk. And the problem appears to be continuing to get worse, not better. Email is a critically important business tool. For some workers email is the primary communication work tool, more important than telephone calls or face-to-face speech. It's unfortunate that, because of junk email, some are now turning to inferior alternatives like instant messaging and web-based communications portals. People have less trust and affinity for email today than in the past. If the trend continues, email will slowly disappear as a useful tool of business. Existing schemes to combat junk email are nothing more than bandaids on a badly bleeding wound. 'White lists', 'black lists', IP blocking, Bayesian filters, etc. are all doomed to fail as the junk emailers adapt with new tricks. In many cases, these spam blocking strategies make things worse by occasionally discarding non-junk email. When that happens, people lose faith in the integrity of email. The problem is a fundamental one that will not be solved with bandaids. Significant, fundamental change is needed to save email. There are two initiatives that are being discussed as a means for authenticating email. They are SIDF (Sender ID Framework) and DKIM (Domain Keys Identified Mail). Microsoft is the primary backer of SIDF. A consortium led by Cisco and Yahoo! is pushing DKIM. In a nutshell, both work within the existing SMTP framework. SIDF works by publishing valid paths that an email might traverse to be received. DKIM adds a signature to the header portion of an email which proves that the source of the email is who it says it is. The two protocols may be used at the same time - they are not mutually exclusive. SIDF, based on an older authentication framework named SPF, is today incorporated into more operational servers than DKIM, but it is a Microsoft-only product because of patent issues. DKIM typically requires client-software support, so it's adoption will probably be slower. In addition, many are waiting for an IETF standard for DKIM to be adopted before implementing it. Neither SIDF nor DKIM will actually resolve the junk email issue. In some respects, both SIDF and DKIM are problematic because they can actually cause email to be misidentified as unwanted. However, they are first steps toward building systems that will be trustworthy and will severely limit junk email. With authentication, the receiver of an email can know with certainty where the email came from. The reputation of the source can then be used to decide whether an individual email is wanted. As more senders of email establish a reputation of being responsible sources of email, the use of unauthenticated email will die out. This would go a long way towards solving the junk email problem. The concept of protecting one's reputation is important for individuals and for corporations. Just like the protection of brand names, corporations are interested in protecting their email communications with customers and potential customers. Thus it would seem that one or both of these schemes will be adopted by most corporations in the next few years. It can't happen too soon! ****************************************************************************** DB/C DX Class Schedule Class: DB/C DX Fundamentals Date: June, 2007 Location: Woodridge, Illinois For information, send email to admin@dbcsoftware.com. ****************************************************************************** Subscribing to the DB/C Newsletter If you don't already have the DB/C Newsletter delivered to your email address and would like to have it emailed to you monthly, just send an email message to dbcnews-subscribe@dbcsoftware.com. The newsletter will be delivered to the email address from which the message was sent.