Accountable Anonymous E-Mail

  • Vincent Naessens
  • Bart De Decker
  • Liesje Demuynck
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 181)


Current anonymous e-mail systems offer unconditional anonymity to their users, which can provoke abusive behaviour. Dissatisfied users will drop out and liability issues may even force the system to suspend or cease its services. Therefore, controlling abuse is as important as protecting the anonymity of legitimate users when designing anonymous applications.

This paper describes the design and implementation of AAEM, an accountable anonymous e-mail system. An existing anonymous e-mail system is enhanced with a control mechanism that allows for accountability. The system creates a trusted environment for senders, recipients and system operators. It provides a reasonable trade-off between anonymity, accountability, usability and flexibility.

Key words

privacy, anonymity, accountability, control



Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • Vincent Naessens (2)
  • Bart De Decker (1)
  • Liesje Demuynck (1)

  1. Department of Computer Science, K.U.Leuven, Leuven, Belgium
  2. K.U.Leuven, Campus Kortrijk (KULAK), Kortrijk, Belgium
