June 18, 2020


Daniel J. Bernstein's IM2000 email proposal is not a good idea


A long time ago, Daniel J. Bernstein wrote a proposal for a new generation of Internet email he called IM2000, although it never went anywhere. Ever since then, a significant number of people have idealized it as the great white ‘if only’ hope of email (especially as the solution to spam), in much the same way that people idealized Sun’s NeWS as the great ‘if only’ alternative to X11. Unfortunately, IM2000 is not actually a good idea.

The core of IM2000 is summarized by Bernstein as follows:

IM2000 is a project to design a new Internet mail infrastructure around the following concept: Mail storage is the sender’s responsibility.

The first problem with this is that it doesn’t remove the fundamental problem of email, which is (depending on how you phrase it) that email is an anonymous push protocol or that it lacks revocable authorization to send you things. In IM2000, random strangers on the Internet are still allowed to push to you, they just push less data than they currently do with (E)SMTP mail.

The idea that IM2000 will deal with spam rests on the idea that forcing senders to store mail is difficult for spammers. Even a decade ago this was a questionable assumption, but today it is clearly false. A great deal of serving capacity is yours for the asking (and someone’s credit card) in AWS, GCP, Azure, OVH, and any number of other VPS and serverless computing places. In addition many spammers will have a relatively easy time with ‘storing’ their email, because their spam is already generated from templates and so in IM2000 could be generated on the fly whenever you asked for it from them. We now have a great deal of experience with web servers that generate dynamic content on demand and it’s clear that they can run very efficiently and scale very well, provided that they’re designed competently.

(I wrote about this a long time ago here, and things have gotten much easier for spammers since then.)

At the same time, IM2000 is catastrophic for your email privacy. People complain vociferously about ‘tracking pixels’ in HTML email that betray when you open and read the email from someone; well, IM2000 is one giant tracking pixel that reliably reports when and where you read that email message. IM2000 would also be a terrible email reading experience, because it’s like a version of IMAP where message retrieval has random delays and sometimes fails entirely.

(As far as spam filtering your incoming IM2000 messages goes, IM2000 gives you far less up front information than you currently get with SMTP email. I wrote up this and other issues a long time ago in an entry about the technical problems of such schemes. Some of those problems are no longer really an issue more than a decade later, but some continue to be.)

At a broader ‘technical choices have social impacts’ level, IM2000 would create a very different experience than today’s email systems if implemented faithfully, one where ‘your’ email was actually not yours but was mostly other people’s because other people are storing it. Those other people can mostly retract individual messages by deleting them from their servers (you would still have the basic headers that are pushed to you), and they can wipe out large sections of your email by deleting entire accounts (and the sent messages associated with them), or even by going out of business or having a data loss incident. Imagine a world where an ISP getting out of the mail business means that all email that its customers have sent from their ISP email accounts over the years just goes away, from everyone’s mailbox.

(If ‘ISP’ sounds abstract here, substitute ‘Yahoo’. Or ‘GMail’.)

In addition, in some potential realizations of IM2000, email would become mutable in practice (even if it wasn’t supposed to be in theory), because once again the sender is storing the message and is in a position to alter that stored copy. Expect that capability to be used sooner or later, just as people silently revise things posted on the web (including official statements, perhaps especially including them).

Some of these social effects can be partially avoided by storing your own local copies of IM2000 messages when you read them, but there are two issues. The first is pragmatic; the more you store your own copies and the earlier you make them, the more IM2000 is SMTP in a bad disguise. The second is social; in the IM2000 world the server holds the authoritative copy of the message, not you, so if you say the message says one thing (based on your local copy) and the server operator says it says something else (or doesn’t exist), the server operator likely wins unless you have very strong evidence.
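The following toy model is an added example, not code from the original post or from any IM2000 implementation. It shows a sender-side store that observes every retrieval, plus a recipient that pins a SHA-256 digest and local copy at first read so later alteration or retraction is at least detectable. The class names, return strings, message IDs, addresses and timestamps are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class SenderStore:
    """Hypothetical IM2000-style store: the sender holds bodies and sees every fetch."""
    bodies: dict = field(default_factory=dict)
    fetch_log: list = field(default_factory=list)

    def fetch(self, msg_id, client_ip, when):
        # Every read tells the sender which message was read, from where, and when.
        self.fetch_log.append((msg_id, client_ip, when))
        return self.bodies.get(msg_id)  # None models a retracted or lost message


@dataclass
class Recipient:
    """Recipient that keeps a digest and a local copy from the first read."""
    pinned: dict = field(default_factory=dict)  # msg_id -> (sha256 hex, body)

    def read(self, store, msg_id, client_ip, when):
        body = store.fetch(msg_id, client_ip, when)
        if body is None:
            return "gone-have-copy" if msg_id in self.pinned else "gone-no-copy"
        digest = hashlib.sha256(body).hexdigest()
        if msg_id not in self.pinned:
            self.pinned[msg_id] = (digest, body)
            return "first-read"
        return "unchanged" if self.pinned[msg_id][0] == digest else "altered"


def demo():
    # Constructed sample data (documentation-range IP addresses).
    store = SenderStore({"m1": b"Offer: 10% off", "m2": b"Official statement v1"})
    me = Recipient()
    results = [
        me.read(store, "m1", "198.51.100.7", "2020-06-18T09:00Z"),
        me.read(store, "m2", "198.51.100.7", "2020-06-18T09:05Z"),
    ]
    store.bodies["m2"] = b"Official statement v2"  # sender silently revises
    del store.bodies["m1"]                         # sender retracts
    results.append(me.read(store, "m2", "203.0.113.9", "2020-06-19T22:30Z"))
    results.append(me.read(store, "m1", "203.0.113.9", "2020-06-19T22:31Z"))
    return results, store.fetch_log


if __name__ == "__main__":
    print(demo())
```

The pinned digest is only the recipient's own record; nothing in it is attested by the sender, so it detects a change without settling a dispute over which copy is authoritative.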

In general, I think that IM2000 or anything like it would create an ‘email’ experience that was far more like the web, complete with the experience of link rot and cool messages changing, than today’s email (where for better or worse you keep your own full record of what you received, read and reread it at your leisure, and know that it’s as immutable as you want it to be). And it would still have the problem that people can push stuff in front of you, unlike the web where you usually at least have to go looking for things.

Author: cks

Date: 2020-09-06

URL: https://utcc.utoronto.ca/~cks/space/blog/tech/IM2000NotGoodIdea
