Dear user of Uiuc.edu gateway e-mail server, We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions. Pay attention on attached file. Kind regards, The Uiuc.edu team http://www.uiuc.edu
Now, I'm sure we all know that this isn't real, right? Especially with a zip file attached? We'd never open attachments from strangers - you never know where email is coming from these days! It could be faked!
Sadly, it seems that no one does know this. Even more sadly than the fact that people wil open these (numbering in the multiple dozens in just a few hours, on my campus) is that we got a third of our complaints from people who tried to open the email - and couldn't open the attachment.
Resident Advisors. "Well, I figured I'd open just one - I deleted all the rest!" Kazaa users - "It said it was Matrix Revolutions 3!" People in general. "Well, I thought CITES would email me about stuff like that, but apparently not."
A week or two ago, I was arguing that the current email scheme was actually workable. You just have to keep people informed that they can't really trust anyone.
Today, I've discovered - I am wrong. There is nothing that you can do to protect these people who think that the university really is going to shut down their account, regardless of the errors in the email - simply because the email comes from firstname.lastname@example.org.
So, all you internet gurus - what's the answer? SPF fails on forwarding addresses - and it's not widely enough supported yet. Spam filters can't catch them - the words and wording is too normal to be considered spam, you'd miss real mail.
So, since there's no way to idiot proof anything (they always make a better idiot) what's the best way to fix email? I no longer believe it isn't broken. There was a time when the current infrastructure supported what we use it for today, but that time is long gone. It's time to move on.