Enhancing Email Address Privacy on Anti-SPAM
by Dou Wang and Ying Chen
School of Computer Science, University of Windsor
October 2007
Contents
• Introduction
• Related Works
• Our Proposed Method
• Advantages
• Conclusion
Introduction
• SPAM
  • Consumes recipients’ time and work
  • Consumes resources of Mail Transfer Agents (MTAs)
  • Delivers viruses, spyware and/or adware
  • Contains phishing content that breaks users’ privacy
Introduction
• Jupiter Research estimates the average e-mail user will receive more than 3,900 spam mails per year by 2007, up from just 40 in 1999.
• Ferris Research estimates that spam cost U.S. companies 10 billion in 2003 and that a user spends on average 4 seconds processing a SPAM mail.
Related works
• Anti-spam Solutions Category
  • Filtering
    • Origin-based filtering
    • Content-based filtering
    • Traffic-based filtering
  • Policy-Control
  • Human-interactive: Completely Automatic Public Turing Test to tell Computer and Humans Apart (CAPTCHA)
  • Address-hiding
Related works
• Filtering
  • An origin-based filter checks sender information for certain keywords and string styles and compares it with the recipient’s whitelist and blacklist.
  • A content-based filter analyzes the body of the email message with complex algorithms and maintains a knowledge base so that it can learn by itself.
  • A traffic-based filter examines the network traffic on the email server and gathers the server’s logging information to determine the spam probability.
Related works
[Figure: user interface of the SOPHOS spam filter, showing quarantine, whitelist and blacklist]
Related works
• Policy-Control
  • Non-technical policy restriction. More and more governments have defined regulations and acts to restrict spammers from spreading spam.
  • Technical policy restriction. Changing the protocol rules can restrict spam delivery that relies on the technology spammers currently use.
Related works
• Human-Interactive
  • Completely Automatic Public Turing Test to Tell Computer and Humans Apart (CAPTCHA): triggered by the recipient MTA, which sends a verification string back to the sender to verify that the sender is a real human.
[Figure: samples of CAPTCHA strings]
Related works
• Address-hiding
  • Hide the unique character in the email address, the symbol @
  • email@example.com at domain dot com
Our Proposed Method
• Make email addresses on the Internet unsearchable by scanning programs.
• Encrypt both sender and recipient email addresses to prevent hijacking during transfer.
Our Proposed Method
• How spammers get bulk email addresses
  • Buy millions of email addresses from some organizations.
  • Scan Internet web pages that contain email addresses.
Our Proposed Method
• Make email addresses on the Internet be unreachable by scanning program
  firstname.lastname@example.org
  <br><div> email@example.com</div></br>
  <img src="/imgs/emailaddress/username.gif" />
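
An added check, not part of the original slides: a Python audit that reports which addresses in a page's markup are still readable as text, run over constructed samples modelled on the forms shown above plus two common variants. The names `exposed_addresses`, `audit` and `SAMPLES` are assumptions made for this example.

```python
import re
from html.parser import HTMLParser

# Pragmatic address pattern for auditing, not a full RFC 5322 grammar.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

class _TextAndAttrs(HTMLParser):
    """Collects what a text-based scanner can read: text nodes and attribute values."""
    def __init__(self):
        super().__init__(convert_charrefs=True)  # &#64; is decoded back to '@'
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)

    def handle_starttag(self, tag, attrs):
        # Attribute values are padded with spaces so they cannot fuse with text.
        self.chunks.extend(f" {value} " for _, value in attrs if value)

def exposed_addresses(page: str) -> set:
    parser = _TextAndAttrs()
    parser.feed(page)
    parser.close()  # flush buffered text
    # Text nodes are joined without separators, so an address split across
    # inline tags (user<b>@</b>example.com) is still reported.
    return set(ADDRESS.findall("".join(parser.chunks)))

# Constructed samples: the slide's forms plus a character reference and a mailto link.
SAMPLES = {
    "plain text": "Contact: email@example.com",
    "wrapped in markup": "<br><div> email@example.com</div></br>",
    "character reference": "<p>email&#64;example.com</p>",
    "mailto link": '<a href="mailto:email@example.com">write to us</a>',
    "image only": '<img src="/imgs/emailaddress/username.gif" />',
}

def audit(samples: dict = SAMPLES) -> dict:
    return {name: sorted(exposed_addresses(page)) for name, page in samples.items()}

if __name__ == "__main__":
    for name, found in audit().items():
        print(f"{name:20} {found or 'nothing readable'}")
```

Only the image form leaves nothing for a text scan to read; wrapping the address in tags or encoding the @ as a character reference does not hide it.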
Our Proposed Method
• Encrypt both sender and recipient email addresses to prevent hijacking during transfer
  • The MTA randomly generates a MessageID and assigns it to each email that arrives at the MTA.
  • Before sending the email message to the destination MTA, the sender relay host sends an SMTP socket with the MessageID to the recipient MTA, asking it to return a key generated from the MessageID on the recipient server.
Our Proposed Method
• Encrypt both sender and recipient email addresses to prevent hijacking during transfer (continued)
  • The sender MTA uses this key to encrypt all the email addresses in the message (SendTo, CopyTo, From, etc.), generating encrypted code for the part of each email address before the “@” symbol.
    firstname.lastname@example.org Qerg4mF7@gmail.com
  • After the message arrives at the recipient MTA, the host uses the original MessageID to decrypt the email addresses in the message and assigns a new MessageID for delivery.
Our Proposed Method
[Figure: diagram of encoding email addresses]
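
The key request and address encryption described above, as an added Python sketch that is not the authors' implementation. The slides name no cipher or key-derivation function, so HMAC-SHA256 (for the key and as a counter-mode keystream), the base32 token format, and the names `RecipientMTA`, `encrypt_address` and `relay` are all assumptions; the SMTP key request is replaced by a direct method call.

```python
import base64, hashlib, hmac, secrets

MAX_LOCAL = 64  # RFC 5321 caps the part before '@' at 64 octets

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Assumed cipher: HMAC-SHA256 in counter mode (no integrity tag is added).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_address(key: bytes, address: str) -> str:
    """Sender MTA: replace the part before '@' with an encrypted token."""
    local, _, domain = address.rpartition("@")
    nonce = secrets.token_bytes(8)  # fresh per address: all headers share one key
    raw = local.encode()
    blob = nonce + _xor(raw, _keystream(key, nonce, len(raw)))
    token = base64.b32encode(blob).decode().rstrip("=").lower()
    if len(token) > MAX_LOCAL:
        raise ValueError("encrypted local part would exceed 64 octets")
    return f"{token}@{domain}"

class RecipientMTA:
    def __init__(self):
        self._secret = secrets.token_bytes(32)  # assumed: never leaves this host

    def key_for(self, message_id: str) -> bytes:
        """Answer the sender's key request for this MessageID."""
        return hmac.new(self._secret, message_id.encode(), hashlib.sha256).digest()

    def decrypt_address(self, message_id: str, address: str) -> str:
        """Re-derive the key from the original MessageID and recover the address."""
        token, _, domain = address.rpartition("@")
        blob = base64.b32decode(token.upper() + "=" * (-len(token) % 8))
        nonce, body = blob[:8], blob[8:]
        key = self.key_for(message_id)
        return _xor(body, _keystream(key, nonce, len(body))).decode() + "@" + domain

def relay(recipient: RecipientMTA, message_id: str, headers: dict) -> dict:
    """Sender relay: fetch the key once, then encrypt every address header."""
    key = recipient.key_for(message_id)  # stands in for the SMTP key request
    return {name: encrypt_address(key, addr) for name, addr in headers.items()}
```

With this token format a local part longer than 32 bytes no longer fits the 64-octet limit after encryption, so `encrypt_address` rejects it rather than emitting an address other MTAs may refuse.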
Advantages
• Reduces SPAM at the root.
• Stays compatible with and maintains the standard.
• Low cost in network traffic.
• Easy to implement.
• Gains the initiative in the anti-spam combat.
Conclusions
• The first approach converts posted email addresses to graphical pictures rather than exposing the character strings, to prevent spammers from using scanning programs to search them out.
• The second approach uses an encryption method to secure the email addresses and avoid hijacking during email transfer.