Naftaly Minsky
Computer Science Department
Rutgers University

The Spam “Arms Race” and its Discontent
 The effectiveness of the anti-spam efforts is impressive.
 Yet, there is an arms race between spammers and anti-spammers—with no end in sight.
 The harmful effects of this arms race:
 It undermines the credibility of email, due to:
• the false-positive results of filtering.
• the black-listings created by unregulated vigilantes [Lessig.
Code, Version 2.0, 2006].
 The overall traffic of spam seems to be increasing.
N. Minsky---pervasive computing, Oct. 07 2

1.
The content of messages.
2.
The reputation of email senders & ESPs
3. The “spam immune” email-sending protocols, which are unlikely to generate spam.
 payment protocols (e.g., stamps);
 rate limiting protocols ;
 opt-out and opt-in protocols.
 The immune sending protocols have only a minor impact so far—but it is our focus here.
N. Minsky---pervasive computing, Oct. 07 3

Making Spam-Immune Sending Protocols
Useful for Reducing Spam
 Claim: immune protocols can help reduce spam, if the receiver of an email can recognize the protocol that generated it.
 We call such an ability “ law-based trust” (or
L-trust) which is the basis for the proposed trustworthy Self Regulation (TSR) email.
 L-trust is provided by LGI, but conventional realizations of i-protocols have hard time satisfying it.
N. Minsky---pervasive computing, Oct. 07 4

The concept of law-based trust (L-trust)
Under TSR
1.
there is a language for writing message-sending protocols (TSR-laws).
2.
There is an SMTP-compliant mechanism for sending emails subject to any given TSR-law L.
3.
Definition [L-trust] : The recipient of an email has an L-trust in it, if it can determine with reasonably justified confidence, whether or not it is a TSR-email; and if so, it can identify the law under which this message has been sent.
N. Minsky---pervasive computing, Oct. 07 5

 For a single law L1:
 use a TCB (T L1 ) to mediate sending under a stateful law L1.
L1
S
* It is badly unscalable
N. Minsky---pervasive computing, Oct. 07
L1
6

Support for L-Trust via
Distributed TCB (DTCB) users
Alice
L
S x
T
A
L
Bob users the DTCB of TSR
Such a DTCB can be used for much more than TSR-email, like: e-commerce, governance of enterprise systems, security of grids, etc
Conjecture: A DTCB can be made more dependable, and more secure, than centralized TCB.
N. Minsky---LaSMAA07workshop March,07 7

 A user Alice (A) who intends to send P-emails, starts by adopting a controller T
A
P and instructs it to purchases 1000 stamps from a specified stamp vendor, saving the term stamps(1000) in the state of
T
A
P.
 Alice sends her P-email via controller T
A
P , which would forward an email only if it has at least one stamp in its state; and every email sent by this controller would consume one of its stamps.
 No stamps are sent to the target of the message, and none is required.
N. Minsky---pervasive computing, Oct. 07 8

N. Minsky---pervasive computing, Oct. 07
MSA-mail submission agent
MDA-mail delivery agent
9

Spam Reduction via
Incremental Deployment of TSR-Based Email
 Assuming that the controllers designed for mediating TSRemail are provided broadly over the Internet
 Several TSR-laws will become popular for their immunity.
 Substantial number of users will choose one or more i-laws for preferential treatment. And standards will develop for publishing the preferred i-laws of users.
 Email users would increasingly employ TSR for sending
email, subject to a preferred law by each destination.
 two reasons to believe that these trends would materialize:
 It is a win-win proposition
 TSR-email can be used together with traditional email.
 TSR can ultimately be made into the standard
N. Minsky---pervasive computing, Oct. 07 10

 A wide ranging deployment of the DTCB of TSR is a formidable proposition.
 But it is the same DTCB that underline LGI, which has a wide range of applications.
 Such as securing B2B commerce, supporting the governance of enterprise systems, and of grid-like federations of institutions.
 It is for the sake of this type of critical applications that such a DTCB may end up being deployed over the Internet, enabling TSR-email as well.
N. Minsky---pervasive computing, Oct. 07 11

 I am seeking help for the implementation of
TSR email, and for experimenting with it.
 A Draft paper can be found in my webcite: http://www.cs.rutgers.edu/~minsky/index.html
under “selected papers”; it is entitled:
“ Reducing Spam via Trustworthy Self Regulation by
Email Senders”
N. Minsky---pervasive computing, Oct. 07 12