Fighting E-Mail Abuses: The EMPE Approach

  • Massimiliano Pala
  • Antonio Lioy
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4043)

Abstract

Electronic mail is one of the most used and abused services in today's communication. While many efforts have been made to fight e-mail abuses, no effective solution has yet been developed. Furthermore, new technologies (e.g. wireless roaming) and new user needs (e.g. mobility) completely break the existing e-mail authentication techniques based on network topology. In this paper we present the E-Mail Policy Enforcer system (EMPE), which provides a method to cryptographically bind the identity of the original sender of an e-mail to the message body by combining digital signatures and transport-level authentication data.



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Massimiliano Pala (1)
  • Antonio Lioy (1)
  1. Dip. di Automatica e Informatica, Politecnico di Torino, Torino, Italy
