Abstract
Electronic mail is one of the most used and abused service in today communication. While many efforts have been made to fight e-mail abuses, no effective solution has yet been developed. Furthermore new technologies (e.g. wireless roaming) and new user needs (e.g. mobility) completely break the existing e-mail authentication techniques based on network topology. In this paper we present the E-Mail Policy Enforcer system (EMPE) which provides a method to cryptographically bind the identity of the original sender of an e-mail to the message body by combining digital signatures and transport level authentication data.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Monty python’s flying circus: final sketch of the 25th show, Available: http://en.wikipedia.org/wiki/Spam_%28Monty_Python%29
Bilca, M., Lo, J., Kerrest, F., Wytock, D.: The Ethics of SPAM, Available: http://cse.stanford.edu/classes/cs201/projects-97-98/spam/
Linden, P.: Re: first case of spam, Available: http://www.rahul.net/falk/jjspam.txt
Net. general, the dinette set heard round the world, Available: http://groups.google.com/groups?selm=3375%40drutx.UUCP
Lindberg, G.: Anti-Spam Recommendations for SMTP MTAs, RFC-2505 (February 1999)
Rekhter, Y., Li, T., Hares, S.: A Border Gateway Protocol 4 (BGP 4). RFC-4271 (January 2006)
Kent, S., Lynn, C., Seo, K.: Secure border gateway protocol (S-BGP). IEEE Journal on Selected Areas in Communications 18(4), 582–592 (2000)
Kent, S., Lynn, C., Mikkelson, J., Seo, K.: Secure Border Gateway Protocol (S-BGP) — Real World Performance and Deployment Issues. In: Proceedings of Network and Distributed Systems Security 2000, Internet Society (February 2000)
Gauthronet, S., Drouard, E.: Unsolicited Commercial Communications and Data Protection (January 2001), Available: http://europa.eu.int/comm/justice_home/fsj/privacy/studies/spam_en.htm
Klensin, J.: Simple Mail Transfer Protocol. RFC-2821 (April 2001)
Resnick, P.: Internet Message Format. RFC-2822 (April 2001)
Myers, J., Rose, M.: Post office protocol. RFC-1939 (May 1996)
Mayers, J.: SMTP Service Extension for Authentication. RFC-2554 (March 1999)
Dierks, T., Allen, C.: The TLS Protocol. RFC-2246 (January 1999)
Kent, S., Atkinson, R.: Security Architecture for the Internet Protocol. RFC-2401 (November 1998)
Hoffman, P.: SMTP Service Extension for Secure SMTP over TLS. RFC-2487 (January 1999)
Sahami, M., Dumais, S., Heckerman, D., Horvitz, E.: A Bayesian Approach to Filtering Junk E-Mail. In: Learning for Text Categorization: Papers from the 1998 Workshop (July 1998)
Anti-Spam Research Group HomePage, Available: http://asrg.sp.am/
Lentczner, M., Wong, M.W.: Sender Policy Framework (SPF) for Authorizing Use of Domains in E-MAIL, Internet draft (June 2005)
Fecyk, G.: Designated Mailers Protocol. Internet draft (May 2004)
Danisch, H.: The RMX DNS RR and method for lightweight SMTP sender authorization. Internet draft (May 2004)
Ramsdell, B.: Secure/Multipurpose Interet Mail Extensions (S/MIME) Version 3.1 Message Specification. RFC-3851 (July 2004)
Eastlake, D.: Domain Name System Security Extensions. RFC-2535 (March 1999)
Delany, M.: Domain–based Email Authentication Using Public–Keys Advertised in the DNS (DomainKeys). Internet draft (September 2005)
Domain Keys Identified Mail Working Group (DKIM), Available: http://www.ietf.org/html.charters/dkim-charter.html
Allman, E., Callas, J., Delany, M., Libbey, M., Fenton, J., Thomas, M.: DomainKeys Identified Mail Signatures (DKIM). Internet draft (February 2006)
Sendmail HomePage, Available: http://www.sendmail.org
Milter Community HomePage, Available: http://www.milter.org
OpenSSL Project HomePage, Available: http://www.openssl.org
Trusted Computing Working Group Homepage, Available: https://www.trustedcomputinggroup.org
Farrel, R.S.: An Internet Attribute Certificate Profile for Authorization. RFC-3281 (April 2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pala, M., Lioy, A. (2006). Fighting E-Mail Abuses: The EMPE Approach. In: Atzeni, A.S., Lioy, A. (eds) Public Key Infrastructure. EuroPKI 2006. Lecture Notes in Computer Science, vol 4043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11774716_11
Download citation
DOI: https://doi.org/10.1007/11774716_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-35151-1
Online ISBN: 978-3-540-35152-8
eBook Packages: Computer ScienceComputer Science (R0)