Multilateral Decisions for Collaborative Defense Against Unsolicited Bulk E-mail

  • Noria Foukia
  • Li Zhou
  • Clifford Neuman
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3986)


Current anti-spam tools focus on filtering incoming e-mails. The scope of these tools is limited to local administrative domains. With such limited information, it is difficult to make accurate spam control decisions. We observe that sending servers process more information on their outgoing e-mail traffic than receiving servers do on their incoming traffic. Better spam control can be achieved if e-mail servers collaborate with one another by checking both outgoing and incoming traffic. However, the control of outgoing traffic provides little direct benefit to the sending server. Servers in different administrative domains presently have little incentive to improve spam control on other receiving servers, which hampers a move toward cross-domain collaboration. We propose a collaborative framework in which spam control decisions are drawn from the data aggregated within a group of e-mail servers across different administrative domains. The collaboration provides incentive for outgoing spam control. The servers that contribute to the control of outgoing spam are rewarded, while traffic restriction is imposed on the irresponsible servers. A Federated Security Context (FSC) is established to enable transparent negotiation of multilateral decisions among the group of collaborators without common trust. Information from trusted collaborators counts more for one’s final decision compared to information from untrustworthy servers. The FSC mitigates potential threats of fake information from malicious servers. The collaborative approach to spam control is more efficient than a decision in isolation, providing dynamic identification and adaptive restriction to spam generators.


Trust Rate Administrative Domain Incoming Traffic Malicious Server Outgoing Traffic 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    RFC 2554 – SMTP Service Extension for Authentication Google Scholar
  2. 2.
    RFC 3207 – SMTP Service Extension for Secure SMTP over Transport Layer Security Google Scholar
  3. 3.
    Zhou, L., Neuman, C.: Negotiation of Multilateral Security Decisions for Grid Computing. Technical Report TR 2004-15 (October 8, 2004)Google Scholar
  4. 4.
    Nash, J.F.: Non-Cooperative Games. The Annals of Mathematics 54(2), 286–295 (1951)MathSciNetCrossRefMATHGoogle Scholar
  5. 5.
    Poundstone, W.: Prisoner’s Dilemma: John von Neumann, Game Theory, and the Puzzle of the Bomb. Oxford University Press, Oxford (1993)Google Scholar
  6. 6.
  7. 7.
    Mirkovic, J., Robinson, M., Reiher, P.: Alliance Formation for DDoS Defense. In: Proceedings of the 2003 Workshop on New Security Paradigms, Ascona, Switzerland (2003)Google Scholar
  8. 8.
    Papadopoulos, C., Lindell, R., Mhreinger, J., Hussain, A., Govindan, R.: COSSACK, Coordinated Suppression of Simultaneous Attacks. In: DARPA Information Survivability Conference and Exposition, Washington, DC, USA (2003)Google Scholar
  9. 9.
    Kaushik, S., Ammann, P., Wijesekera, D., Winsborough, W., Ritchtey, R.: A Policy Driven Approach for E-mail Services. In: Fifth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2004), New York, USA (2004)Google Scholar
  10. 10.
    Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: A P2P-Based Collaborative Spam Detection and Filtering. In: The Fourth IEEE International Conference on P2P Computing, Zurich, Switzerland, August 24-27 (2004)Google Scholar
  11. 11.
  12. 12.
    Distributed Checksum Clearinghouse:
  13. 13.
    SmartScreen, Microsoft Adds New Spam Filtering Technology Across E-Mail Platforms (November 17, 2003),
  14. 14.
  15. 15.
    Distributed Sender Blackhole List,
  16. 16.
    Postel, J.: Simple Mail Transfer Protocol. RFC 821 Internet Engineering Task Force (1982)Google Scholar
  17. 17.
    Jacob, P.: The Spam Problem: Moving Beyond RBLs (January 3, 2003),
  18. 18.
    Goodman, J., Rounthwaite, R.: Stopping Outgoing Spam. In: ACM Conference on Electronic Commerce, New York (2004)Google Scholar
  19. 19.
    Naor, M.: Verification of a Human in the Loop or Identification via the Turing Test (manuscript 1996),
  20. 20.
    Jung, J., Sit, E.: An Empirical Study of Spam traffic and the Use of DNS Black Lists. In: Internet Measurement Conference, Taormina, Italy (2004)Google Scholar
  21. 21.
    Zhou, L., Neuman, C.: Establishing Agreements in Dynamic Virtual Organizations. In: IEEE SECOVAL Workshop of SECURECOMM 2005, Athens, Greece, September 5-9 (2005)Google Scholar
  22. 22.
    Nowostawski, M., Purvis, M., Cranefield, S.: OPAL A Multi-level Infrastructure for Agent-Oriented Development. In: Proceedings of the First International Joint Conference on Autonomous Agents and Multi-Agent Systems (AAMAS 2002), pp. 88–89. ACM Press, New York (2002)Google Scholar
  23. 23.
    FIPA. Foundation For Intelligent Physical Agents (FIPA): FIPA, Specifications (2000),

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Noria Foukia
    • 1
  • Li Zhou
    • 2
  • Clifford Neuman
    • 2
  1. 1.Information Science DepartmentUniversity of Otago, DunedinDunedin, OtagoNew Zealand
  2. 2.Information Sciences InstituteUniversity of Southern California (USC)Marina del ReyUSA

Personalised recommendations