1 / 13

Naftaly Minsky Computer Science Department Rutgers University

Reducing Spam by Not Sending it or Can the Spam “Arms Race” be Won?. Naftaly Minsky Computer Science Department Rutgers University. The Spam “Arms Race” and its Discontent. The effectiveness of the anti-spam efforts is impressive.

dterri
Download Presentation

Naftaly Minsky Computer Science Department Rutgers University

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Reducing Spam by Not Sending it or Can the Spam “Arms Race” be Won? Naftaly Minsky Computer Science Department Rutgers University

  2. The Spam “Arms Race”and its Discontent • The effectiveness of the anti-spam efforts is impressive. • Yet, there is an arms race between spammers and anti-spammers—with no end in sight. • The harmful effects of this arms race: • It undermines the credibility of email, due to: • the false-positive results of filtering. • the black-listings created by unregulated vigilantes [Lessig. Code, Version 2.0, 2006]. • The overall traffic of spam seems to be increasing.

  3. The Elements of Anti-Spam Measures • The content of messages. • The reputation of email senders & ESPs • The “spam immune” email-sending protocols, which are unlikely to generate spam. • payment protocols (e.g., stamps); • rate limiting protocols ; • opt-out and opt-in protocols. • The immune sending protocols have only a minor impact so far—but it is our focus here.

  4. Making Spam-Immune Sending ProtocolsUseful for Reducing Spam Claim: immune protocols can help reduce spam, if the receiver of an email can recognize the protocol that generated it. We call such an ability “law-based trust” (or L-trust) which is the basis for the proposedtrustworthy Self Regulation (TSR) email. L-trust is provided by LGI, but conventional realizations of i-protocols have hard time satisfying it.

  5. The concept of law-based trust (L-trust)Under TSR • there is a language for writing message-sending protocols (TSR-laws). • There is an SMTP-compliant mechanism for sending emails subject to any given TSR-law L. • Definition [L-trust] : The recipient of an email has an L-trust in it, if it can determine with reasonably justified confidence, whether or not it is a TSR-email; and if so, it can identify the law under which this message has been sent.

  6. Naïve Support for L-Trust L1 S * It is badly unscalable • For a single law L1: • use a TCB (TL1) to mediate sending under a stateful law L1. L1

  7. L m ==> Bob adopt(L) Sx TAL Support for L-Trust via Distributed TCB (DTCB) users users Bob Alice the DTCB of TSR Such a DTCB can be used for much more than TSR-email, like: e-commerce, governance of enterprise systems, security of grids, etc Conjecture: A DTCB can be made more dependable, andmore secure, than centralized TCB.

  8. A Paid Postage Law (P)—an Example A user Alice (A) who intends to send P-emails, starts by adopting a controller TAP and instructs it to purchases 1000 stamps from a specified stamp vendor, saving the term stamps(1000) in the state of TAP. Alice sends her P-email via controller TAP , which would forward an email only if it has at least one stamp in its state; and every email sent by this controller would consume one of its stamps. No stamps are sent to the target of the message, and none is required.

  9. Realization of Stamp-Based Email MSA-mail submission agent MDA-mail delivery agent

  10. Spam Reduction via Incremental Deployment of TSR-Based Email • Assuming that the controllers designed for mediating TSR-email are provided broadly over the Internet • Several TSR-laws will become popular for their immunity. • Substantial number of users will choose one or more i-laws for preferential treatment. And standards will develop for publishing the preferred i-laws of users. • Email users would increasingly employ TSR for sending email, subject to a preferred law by each destination. • two reasons to believe that these trends would materialize: • It is a win-win proposition • TSR-email can be used together with traditional email. • TSR can ultimately be made into the standard

  11. On the Deployment of the DTCB of TSR • A wide ranging deployment of the DTCB of TSR is a formidable proposition. • But it is the same DTCB that underline LGI, which has a wide range of applications. • Such as securing B2B commerce, supporting the governance of enterprise systems, and of grid-like federations of institutions. • It is for the sake of this type of critical applications that such a DTCB may end up being deployed over the Internet, enabling TSR-email as well.

  12. Conclusion I am seeking help for the implementation of TSR email, and for experimenting with it. A Draft paper can be found in my webcite:http://www.cs.rutgers.edu/~minsky/index.htmlunder “selected papers”; it is entitled: “ Reducing Spam via Trustworthy Self Regulation by Email Senders”

  13. Thank You. Questions?

More Related