Incorporating accountability into internet email

Email used to be the "number one killer application" of the Internet. However, misuse and abuse such as spam, phishing, and malware attacks have plagued email systems. Because we consider deterrence as important as prevention and protection in countering misuse and abuse, we aim to improve accountability in the email system beyond identification and non-repudiability. Full accountability should be an intrinsic condition for trust, and it constitutes the basis of deterrence against email misuse and abuse. Therefore, we propose a layered trust management framework that helps email receivers eliminate their unwitting trust and provides them with accountability support. This helps systems deter misuse and address wrongdoing. By describing and analyzing how our trust management facilitates email accountability, we also show that it can be used to improve the trustworthiness of Internet services as a whole.
