Reducing Spam by Not Sending it

advertisement

Reducing Spam by Not Sending it or

Can the Spam “Arms Race” be Won?

Naftaly Minsky

Computer Science Department

Rutgers University

The Spam “Arms Race” and its Discontent

 The effectiveness of the anti-spam efforts is impressive.

 Yet, there is an arms race between spammers and anti-spammers—with no end in sight.

 The harmful effects of this arms race:

 It undermines the credibility of email, due to:

• the false-positive results of filtering.

• the black-listings created by unregulated vigilantes [Lessig.

Code, Version 2.0, 2006].

 The overall traffic of spam seems to be increasing.

N. Minsky---pervasive computing, Oct. 07 2

The Elements of Anti-Spam Measures

1.

The content of messages.

2.

The reputation of email senders & ESPs

3. The “spam immune” email-sending protocols, which are unlikely to generate spam.

payment protocols (e.g., stamps);

 rate limiting protocols ;

 opt-out and opt-in protocols.

The immune sending protocols have only a minor impact so far—but it is our focus here.

N. Minsky---pervasive computing, Oct. 07 3

Making Spam-Immune Sending Protocols

Useful for Reducing Spam

 Claim: immune protocols can help reduce spam, if the receiver of an email can recognize the protocol that generated it.

 We call such an ability law-based trust” (or

L-trust) which is the basis for the proposed trustworthy Self Regulation (TSR) email.

 L-trust is provided by LGI, but conventional realizations of i-protocols have hard time satisfying it.

N. Minsky---pervasive computing, Oct. 07 4

The concept of law-based trust (L-trust)

Under TSR

1.

there is a language for writing message-sending protocols (TSR-laws).

2.

There is an SMTP-compliant mechanism for sending emails subject to any given TSR-law L.

3.

Definition [L-trust] : The recipient of an email has an L-trust in it, if it can determine with reasonably justified confidence, whether or not it is a TSR-email; and if so, it can identify the law under which this message has been sent.

N. Minsky---pervasive computing, Oct. 07 5

Naïve Support for L-Trust

 For a single law L1:

 use a TCB (T L1 ) to mediate sending under a stateful law L1.

L1

S

* It is badly unscalable

N. Minsky---pervasive computing, Oct. 07

L1

6

Support for L-Trust via

Distributed TCB (DTCB) users

Alice

L

S x

T

A

L

Bob users the DTCB of TSR

Such a DTCB can be used for much more than TSR-email, like: e-commerce, governance of enterprise systems, security of grids, etc

Conjecture: A DTCB can be made more dependable, and more secure, than centralized TCB.

N. Minsky---LaSMAA07workshop March,07 7

A Paid Postage Law (P)—an Example

 A user Alice (A) who intends to send P-emails, starts by adopting a controller T

A

P and instructs it to purchases 1000 stamps from a specified stamp vendor, saving the term stamps(1000) in the state of

T

A

P.

 Alice sends her P-email via controller T

A

P , which would forward an email only if it has at least one stamp in its state; and every email sent by this controller would consume one of its stamps.

 No stamps are sent to the target of the message, and none is required.

N. Minsky---pervasive computing, Oct. 07 8

Realization of Stamp-Based Email

N. Minsky---pervasive computing, Oct. 07

MSA-mail submission agent

MDA-mail delivery agent

9

Spam Reduction via

Incremental Deployment of TSR-Based Email

 Assuming that the controllers designed for mediating TSRemail are provided broadly over the Internet

 Several TSR-laws will become popular for their immunity.

 Substantial number of users will choose one or more i-laws for preferential treatment. And standards will develop for publishing the preferred i-laws of users.

 Email users would increasingly employ TSR for sending

email, subject to a preferred law by each destination.

 two reasons to believe that these trends would materialize:

 It is a win-win proposition

 TSR-email can be used together with traditional email.

 TSR can ultimately be made into the standard

N. Minsky---pervasive computing, Oct. 07 10

On the Deployment of the DTCB of TSR

 A wide ranging deployment of the DTCB of TSR is a formidable proposition.

 But it is the same DTCB that underline LGI, which has a wide range of applications.

 Such as securing B2B commerce, supporting the governance of enterprise systems, and of grid-like federations of institutions.

 It is for the sake of this type of critical applications that such a DTCB may end up being deployed over the Internet, enabling TSR-email as well.

N. Minsky---pervasive computing, Oct. 07 11

Conclusion

 I am seeking help for the implementation of

TSR email, and for experimenting with it.

 A Draft paper can be found in my webcite: http://www.cs.rutgers.edu/~minsky/index.html

under “selected papers”; it is entitled:

“ Reducing Spam via Trustworthy Self Regulation by

Email Senders”

N. Minsky---pervasive computing, Oct. 07 12

Thank You.

Questions?

Download