The Internet Email System
The email system that is currently used on the internet was not designed to curb the abuses presented by viruses and SPAM as they are occurring today. The email system today allows:
- Anyone can set the "From" field in the email to any value they want. This means that you can send an email message and make it look like the President of the United States sent the message. There are ways to tell that this is not the case, but on the surface it will appear like the President of the United States sent the message. This is called faking the sending address.
- If an email cannot be delivered, the email standard provides for the sender to receive a notification indicating that the message could not be delivered. Some email servers are also set up to notify the sender when a virus is found in an email they sent.
There are several things that the email system in use today does not provide for:
- The system does not provide for positive identification of the sender.
- There is no method to prevent a sender from sending unwanted emails.
Given the above conditions, several problems can occur.
- If the sending address of the email is faked, any messages indicating the message could not be delivered will go to the person who appears to have sent the email rather than the person who actually sent it. This can cause people to receive non deliverable notifications for emails that they did not send which can be very confusing.
- If a virus sends an email with a faked sender address, a mail server may detect the virus in the message and send a reply to the faked address notifying someone that they sent an email with a virus in it when in fact they did not. This can cause confusion and waste administrators time since users may call administrators and want their systems checked for viruses when they are not acutally infected with a virus. This is why administrators of mail servers should turn off notifications to addresses that appear to have sent a virus.
- Someone can fake the sender of an email and send embarrassing or annoying messages and possibly jeopardize the reputation of the party they are sending the email as. They can make it appear as though a reputable party is sending smut on the internet. I do not know if there are any laws against this, but there should be. This would be called fraud along with some possible other charges such as libel and slander. There are ways to tell that the sender did not actually send the email but this could still unjustly hurt someone's reputation.
- Recipients of virus or SPAM emails are unwilling recipients. These emails tie up their time and computer resources. When someone pays for a connection to the internet, and this connection is used to send them unwanted emails, this is the same as a denial of service attack and is essentially stealing. Everyone who connects to the internet has the right to use their connection haw they want and not how someone else wants. I will talk more about this in the section about SPAM.