The nice folks over at Sparkpost asked me and other email experts for some thoughts on what we think the most important issues in email will be in 2016.
I do think security is going to be a major, major change in delivery. From what I’ve seen there’s been a shift in the mindset of a lot of people. Previously a lot of folks in the email space were very accommodating to old systems and unauthenticated mail and were not quite ready to cut off senders that didn’t meet modern standards.
There were a lot of people who didn’t want to take any action that would break email. There are still a lot of people who think that breaking email is a bad thing and changes should be backwards compatible.
Then people started realizing not every change had to be backwards compatible.
There are a few reasons I think this attitude shift happened.
Email is a malicious channel.
I’ve mentioned this before, but email is an incredibly malicious channel and much of the email traffic out there is actively trying to hurt or steal from people. People have been fighting this malicious traffic for almost 2 decades. Some of the same folks who were doing this when I first started are still doing this. What they’ve done so far has mitigated many of the damages, but the problem isn’t under control. Now we’re looking at more than just a few tens of dollars paid to a spammer, but tens of thousands of dollars wired from businesses.
Internet crime is not “virtual” any longer. It’s real and it’s toxic.
The rise of Social Media.
Even a decade ago email lists were the way to chat with friends. Yes, there were some web based forums, but a lot of how we interacted with each other online was through email. Now, we have social media to communicate with folks. And it gives us a lot more flexibility. One of the things that seemed to happen on mailing lists, particularly large ones, is off topic posts and side conversations. People split off private lists as friendships (and even cliques) developed. This is so much easier with social media!
Social media has created an environment where email is not the only way to communicate and is often not the best way to communicate.
Yahoo broke email, and we all survived.
Then, 18 months ago, Yahoo flipped the p=reject switch for the yahoo.com domain. That did break email. A lot of people ended up scrambling very, very hard and fast to cope with how much this broke email. Even now, the problems created by Yahoo (and then AOL and soon Gmail) requiring all mail using their domains to come from their servers are not yet completely mitigated. But work arounds and fixes are being implemented.
I think this convinced a lot of people that “breaking email” wasn’t necessarily a bad thing. Three or so years ago, I made the statement I didn’t see the webmail providers implementing p=reject, because I really didn’t. It would force users to change how they use email. But, they did and we could force a higher level of security, and even if it did break email the problems would be addressed and people would adapt.
IPv6 will change everything.
Even though most mail isn’t currently using IPv6 people are planning for it. They also realized they didn’t have to account for old, legacy systems that weren’t updated. Delivery standards could be set, like having rDNS or requiring authentication, and senders would have to cope. And people coped.
All in all, email security is going to be A Big Deal in 2016 and beyond.