Chris Schmidt (crschmidt) wrote,
Chris Schmidt
crschmidt

Bagle.j

Once again, I am amazed by the amazing trustworthiness people have of anyone claiming to work for someone who controls their email. All I have to do is represent myself as the "UIUC Team" and suddenly, I'm the king of the world. I can tell the user to do anything - they'll do it, so long as they think they're protecting their precious email.

Today's example?

Dear user of Uiuc.edu gateway e-mail server,

We  warn you about some attacks  on your e-mail account.  Your  
computer may contain viruses, in order to keep your computer and  
e-mail account  safe, please,  follow the  instructions.

Pay attention on  attached file.

Kind  regards,
     The Uiuc.edu  team                            http://www.uiuc.edu


Now, I'm sure we all know that this isn't real, right? Especially with a zip file attached? We'd never open attachments from strangers - you never know where email is coming from these days! It could be faked!

Sadly, it seems that no one does know this. Even more sadly than the fact that people wil open these (numbering in the multiple dozens in just a few hours, on my campus) is that we got a third of our complaints from people who tried to open the email - and couldn't open the attachment.

Resident Advisors. "Well, I figured I'd open just one - I deleted all the rest!" Kazaa users - "It said it was Matrix Revolutions 3!" People in general. "Well, I thought CITES would email me about stuff like that, but apparently not."

A week or two ago, I was arguing that the current email scheme was actually workable. You just have to keep people informed that they can't really trust anyone.

Today, I've discovered - I am wrong. There is nothing that you can do to protect these people who think that the university really is going to shut down their account, regardless of the errors in the email - simply because the email comes from staff@uiuc.edu.

So, all you internet gurus - what's the answer? SPF fails on forwarding addresses - and it's not widely enough supported yet. Spam filters can't catch them - the words and wording is too normal to be considered spam, you'd miss real mail.

So, since there's no way to idiot proof anything (they always make a better idiot) what's the best way to fix email? I no longer believe it isn't broken. There was a time when the current infrastructure supported what we use it for today, but that time is long gone. It's time to move on.

What's next?
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 46 comments
Previous
← Ctrl ← Alt
Next
Ctrl → Alt →
Previous
← Ctrl ← Alt
Next
Ctrl → Alt →