Archive for March, 2006

So, even the IRS is being spoofed:

The e-mail address looks legitimate — sent from admin@irs.gov or tax-refunds@irs.gov. The logos and graphics look convincingly like the ones you'd find on the official IRS website. And there is an intriguing reason to click the link requesting your Social Security number and credit card information: a refund. But if you do, you'll see a maxed-out credit card or a stolen identity, not the $63.60 the e-mail claims.

The worst part of these frauds is that they are being run by gangs, not by individuals looking to erase your hard drive, so at this point there's the possibility of serious money here. Our money, unfortunately.

So, with roughly 60% of email traffic being spam or worse, is it likely that email will simply become so untrusted as to be useless, or shrink to a closed messaging system among already-authenticated friends? Could be, but I hope not. Even subtracting spam, email is still the most often-used Internet service by all of us.

There are some solutions, including the dismal step of licensing servers (more about this in a later post). We could require emails to be digitally signed, but the infrastructure to support that would be expensive and cumbersome to maintain. Both of these raise (for Americans, anyway) the prospect of significant erosion of First Amendment rights and the possibility of political oversight and censure.

There is one very unobtrusive partial solution, called Sender Policy Framework, or SPF, which does not solve the whole problem but at least takes on part of it: preventing forged email headers. Forged headers are used in virtually all spams, and most phishing trolls, too, so defeating them is a huge blow to phishers and spammers. And it's easy to do; I am currently in the process of implementing it for our domains here at work. A large number of the big email handlers (e.g. AOL and Yahoo!) have implemented the receiving end of SPF and are therefore rejecting an additional 500 million fraudulent emails per day.

It's also likely that RSS (Really Simple Syndication) will become an alternative channel, especially for companies communicating with customers: for example, subscribed newsletters, notices of sales, etc., all things that the recipient has asked to receive. RSS appears as an "active link" in your bookmarks list, and it reminds you to go get something that has changed recently.

None of these is a perfect solution, but for now we at least have some tools to use against the fraudsters and hucksters that clog our pipes with tripe emails.



I recommend an excellent article published in the journal Foreign Relations, which analyzes the inevitable comparison of the Iraq war with Viet Nam:

Most discussions of U.S. policy in Iraq assume that it should be informed by the lessons of Vietnam. But the conflict in Iraq today is a communal civil war, not a Maoist “people’s war,” and so those lessons are not valid. “Iraqization,” in particular, is likely to make matters worse, not better.

At a minimum, Washington should stop making matters worse. Understanding the war in Iraq as a communal civil war cannot guarantee success, but without this understanding failure is far too likely. Whatever the prospects for peace, they would be considerably better if Washington stopped mistaking Iraq for Vietnam and started seeing it for what it really is.

It's a somewhat long read, but I think a necessary antidote to the simplistic drivel that the Administration’s been spouting about this war since Day One. It points out the lack of imagination on the part of Our Leaders at understanding what they are really up against, and of course emphasizes the necessity of a clear and realistic framework in approaching the problem. Without such a framework you have little hope of engendering a lasting solution.

The article is here.
