Abstract:
The lack of transparency for Internet communication prevents effective mitigation of today's security threats: i) Source addresses cannot be trusted and enable untraceable reflection attacks. ii) Malicious communication is opaque to all network entities except the receiver; and although ISPs are control points that can stop such attacks, effective detection and mitigation require information that is available only at the end hosts. We propose TRIS, an architecture that bootstraps transparency for Internet communication. TRIS enables the definition of misbehavior according to the unique requirements of hosts, and then it constructs verifiable evidence of misbehavior. First, hosts express desired traffic properties for incoming traffic; a deviation from these properties signifies misbehavior. Second, ISPs construct verifiable evidence of misbehavior for the traffic they forward. If misbehavior is detected, it can then be proven to the ISPs of the communicating hosts. We implement our architecture on commodity hardware and demonstrate that verifiable proof of misbehavior introduces little overhead with respect to bandwidth and packet processing in the network: our prototype achieves line-rate performance for common packet sizes, saturating a 10 Gbps link with a single CPU core. In addition, we tackle incremental deployment issues and describe interoperability with today's Internet architecture.
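The two steps in the abstract (a host states what it will accept, and an ISP attests to what it forwarded, so that a deviation can later be shown to that ISP) can be modelled end to end in a few dozen lines. The following is an added illustration, not code from the TRIS paper or its prototype: it assumes a receiver policy of allowed source prefixes, allowed protocols and a maximum packet length, and it stands in for the paper's evidence construction with a per-packet HMAC tag that the forwarding ISP computes over the packet header and later re-checks. The addresses, key and packets are constructed for the example; the point it demonstrates is that evidence built from the ISP's own tags verifies, while a packet the ISP never forwarded cannot be used to accuse it.

```python
"""Toy model of policy-driven, ISP-verifiable misbehavior evidence.
Illustrative only; the tag scheme is an assumption, not TRIS's construction."""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address as text
    dst: str      # destination IP address as text
    proto: str    # transport protocol name, e.g. "tcp" or "udp"
    length: int   # bytes on the wire


def canonical_header(pkt: Packet) -> bytes:
    """Fixed serialization of the header fields the ISP commits to."""
    return f"{pkt.src}|{pkt.dst}|{pkt.proto}|{pkt.length}".encode()


def isp_attest(isp_key: bytes, pkt: Packet) -> bytes:
    """Sending-side ISP marks a packet it forwards.
    Assumption: an HMAC-SHA256 tag keyed by the ISP stands in for the
    paper's evidence construction."""
    return hmac.new(isp_key, canonical_header(pkt), hashlib.sha256).digest()


def isp_verify_evidence(isp_key: bytes, pkt: Packet, tag: bytes) -> bool:
    """The ISP checks whether it really forwarded this packet.
    Constant-time comparison so a forger learns nothing from timing."""
    return hmac.compare_digest(isp_attest(isp_key, pkt), tag)


@dataclass
class HostPolicy:
    """Desired properties the receiving host declares for incoming traffic."""
    allowed_sources: List[ipaddress.IPv4Network]
    allowed_protos: frozenset
    max_length: int

    def violation(self, pkt: Packet) -> Optional[str]:
        """Return the first property the packet deviates from, or None."""
        addr = ipaddress.ip_address(pkt.src)
        if not any(addr in net for net in self.allowed_sources):
            return f"source {pkt.src} not in allowed prefixes"
        if pkt.proto not in self.allowed_protos:
            return f"protocol {pkt.proto} not allowed"
        if pkt.length > self.max_length:
            return f"length {pkt.length} exceeds {self.max_length}"
        return None


def receiver_collect_evidence(
    policy: HostPolicy, attested: List[Tuple[Packet, bytes]]
) -> List[Tuple[Packet, bytes, str]]:
    """Receiver keeps (packet, ISP tag, reason) for every policy deviation."""
    evidence = []
    for pkt, tag in attested:
        reason = policy.violation(pkt)
        if reason is not None:
            evidence.append((pkt, tag, reason))
    return evidence


def demo():
    """Constructed scenario: one compliant packet, a spoofed-source packet and
    an oversized packet. Returns the evidence, the ISP's verdict on each item,
    and the verdict on a forged accusation."""
    isp_key = b"demo-isp-key-constructed-for-example"   # constructed secret
    policy = HostPolicy(
        allowed_sources=[ipaddress.ip_network("203.0.113.0/24")],  # TEST-NET-3
        allowed_protos=frozenset({"tcp"}),
        max_length=1500,
    )
    packets = [
        Packet("203.0.113.5", "198.51.100.1", "tcp", 1200),   # compliant
        Packet("192.0.2.7", "198.51.100.1", "udp", 1400),     # disallowed source
        Packet("203.0.113.9", "198.51.100.1", "tcp", 9000),   # too large
    ]
    # Sending-side ISP tags everything it forwards.
    attested = [(p, isp_attest(isp_key, p)) for p in packets]
    # Receiver checks its own policy and keeps the tagged deviations.
    evidence = receiver_collect_evidence(policy, attested)
    # The ISP confirms it forwarded each packet presented as evidence.
    verified = [isp_verify_evidence(isp_key, p, t) for p, t, _ in evidence]
    # A packet with a made-up tag cannot be pinned on the ISP.
    forged = isp_verify_evidence(isp_key, packets[1], b"\x00" * 32)
    return evidence, verified, forged


if __name__ == "__main__":
    for pkt, _, reason in demo()[0]:
        print(f"{pkt.src} -> {pkt.dst}: {reason}")
```

The tag binds the ISP to the header it forwarded, so the receiver's report is checkable by the party that must act on it; the policy lives entirely at the host, matching the abstract's point that the definition of misbehavior belongs to the end host while the evidence comes from the network.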
Published in: IEEE/ACM Transactions on Networking ( Volume: 27, Issue: 5, October 2019)