Enhancing Email Address Privacy on AntiSPAM

1
Enhancing Email Address Privacy on Anti-SPAM

• by
• Dou Wang and Ying Chen
• School of Computer Science
• University of Windsor
• October 2007

2
Contents

• Introduction
• Related Works
• Our Proposed Method
• Advantages
• Conclusion

3
Introduction

• SPAM
• Consume recipients time and work
• Consume resources of Mail Transfer Agents (MTAs)
• Deliver with virus, spy-ware and/or ad-ware
• Contain phishing content to break the users
  privacy

4
Introduction

• Jupiter Research estimates the average e-mail
  user will receive more than 3,900 spam mails per
  year by 2007, up from just 40 in 1999, and Ferris
  Research estimates spam costs U.S. companies 10
  billion in 2003 and a user spends on the average
  4 seconds to process a SPAM mail. 1

5
Related works

• Anti-spam Solutions Category
• Filtering 2
• Origin-based filtering
• Content-based filtering
• Traffic-based filtering
• Policy-Control
• Human-interactive
• Completely Automatic Public Turing Test to tell
  Computer and Humans Apart (CAPTCHA) 3
• Address-hiding

6
Related works

• Filtering
• Origin-based filter checks sender information
  with certain keywords, string styles and compares
  with recipients whitelist and blacklist.
• Content-based filter analyzes the body content of
  the email message by complex algorithms and
  maintain the knowledge base to realize
  self-learning.
• Traffic-based filter examines the network traffic
  on the email server and gather the server logging
  information to determine the spam probability.

7
Related works
User interface of SOPHOS spam filter about
quarantine and whitelist and blacklist.
8
Related works

• Policy-Control
• Non-technical policy restriction. More and more
  governments defined regulations and acts to
  restrict spammers performing the spam spreading.
• Technical policy restriction. Change the protocol
  regulation can restrict spam message delivery for
  the technology that the spammers currently are
  using.

9
Related works

• Human-Interactive
• Completely Automatic Public Turing Test to Tell
  Computer and Humans Apart (CAPTCHA)
• Ttriggered by the recipient MTA to send a
  verification string back to sender to verify the
  sender is a real human.

Samples of CAPTCHA string
10
Related works

• Address-hiding
• Hide the unique character in the email address,
  the symbol _at_
• userid_at_domain.com userid at domain dot com

11
Our Proposed Method

• Make email addresses on the Internet be
  unsearchable by scanning program.
• Encrypt both sender and recipients email
  addresses to prevent hijacking during the
  transferring.

12
Our Proposed Method

• How the spammers get bulk email addresses
• Buy the millions of email addresses from some
  organizations.
• Scan the Internet addresses from the Internet web
  pages or some web pages that contain email
  addresses.

13
Our Proposed Method

• Make email addresses on the Internet be
  unreachable by scanning program

username_at_company.com
ltbrgtltdivgt username_at_company.calt/divgtlt/brgt
ltimg src"/imgs/emailaddress/username.gif" /gt
14
Our Proposed Method

• Encrypt both sender and recipients email
  addresses to prevent hijacking during the
  transferring
• The MTA randomly generates a MessageID and assign
  it to the email which arrived to the MTA.
• Before sending out the email message to
  destination MTA, sender relay host sends a SMTP
  socket with MessageID to recipient MTA to ask for
  returning a key generated by using the MessageID
  on the recipient server.

15
Our Proposed Method

• Encrypt both sender and recipients email
  addresses to prevent hijacking during the
  transferring (continue)
• Sender MTA uses this key to encrypt all the email
  addresses in the message (SendTo, CopyTo and
  From, etc) to generate the encrypted code for the
  part of email address before _at_ symbol.
• userid_at_gmail.com
  1Qerg4mF7_at_gmail.com
• After the message arrived the recipient MTA, the
  host uses the original MessageID to decrypt the
  email addresses in the email message and assign a
  new MessageID for delivery.

16
Our Proposed Method
Diagram of encoding email addresses
17
Advantages

• Reduces the SPAM from the root.
• Compatibility and maintain the standard.
• Low cost of network traffic.
• Easy to implement.
• Gain the initiative in the anti-spam combat.

18
Conclusions

• The first approach convert posted email addresses
  to graphical pictures rather than expose the
  character strings to prevent spammers use
  scanning program to search them out.
• The second approach use an encryption method to
  secure the email addresses to avoid hijacking
  during the email transferring.

19

• ?

20
References

• 1 Ming-Wei Wu Yennun Huang Shyue-Kung Lu
  Ing-Yi Chen Sy-Yen Kuo, A Multi-faceted
  approach towards spam-resistible mail,
  Dependable Computing, 2005. Proceeding, 11th
  Pacific Rim International Symposium, Page(s) 9
  pp, Dec, 2005.
• 2 Yanhui Guo Yaolong Zhang Jianyi Liu Cong
  Wang, Research on the Comprehensive Anti-Spam
  Filter, Industrial Informatics, 2006 IEEE
  International Conference, Page(s) 1069-1074, Aug,
  2006
• 3 Sajad Shirali-Shahreza Ali Movaghar, A New
  Anti-Spam Protocol Using CAPTCHA, Networking,
  Sensing and Control, 2007 IEEE International
  Conference, Page(s) 234-238, April, 2007