E-mail Sender Identification through Trusted Local Deposit-Agents

Email spam is one of the social problems we face every day. Another relating crucial problem is the massive spam sent from the legitimate home computers compromised by the malware called bot. Although the schemes for identifying email senders are one of powerful arms against spam and spamming bot, the current major such schemes, such as the Domain Keys Identified Mail (DKIM), cannot identify spamming bots since they identify the email domains, but not the email addresses, of senders. Moreover, the schemes are not necessarily easy for the users on home computers to benefit from, because beforehand the records for authorizing the domains to send emails have to be registered in the Domain Name System (DNS). Then the home users may not be able to register the records due to the lack of knowledge for the registering. In addition, the DNS has some vulnerabilities for attacks such as pharming. To cope with the problem above, this paper presents a scheme for identifying the email addresses of senders that uses no DNS, and hence, is easy to register also for home users, we embed our scheme into the Simple Mail Transfer Protocol (SMTP). A subtle problem when using no DNS is where to locate out trusted core, instead the DNS. In our scheme, an authorizer, i.e., an email service provider to which the home users subscribe or the administrator of an organization's email system, registers a one-time secret in the deposit agents, i.e., our trusted core, which are the hosts trusted by and local to the authorizer. We evaluate our scheme by analyzing its usability, security, performance overhead, and so on.

[1]  William Stallings,et al.  THE ADVANCED ENCRYPTION STANDARD , 2002, Cryptologia.

[2]  Andreas Terzis,et al.  A multifaceted approach to understanding the botnet phenomenon , 2006, IMC '06.

[3]  Paul V. Mockapetris,et al.  Domain names: Concepts and facilities , 1983, RFC.

[4]  M.I. Aziz,et al.  Introduction to Cryptography , 2002, 2005 International Conference on Microelectronics.

[5]  Jeff Yan,et al.  A low-cost attack on a Microsoft captcha , 2008, CCS.

[6]  Alexey Melnikov,et al.  SMTP Service Extension for Authentication , 2007, RFC.

[7]  John Leslie Domain Name Accreditation (DNA) , 2005 .

[8]  Scott Rose,et al.  Protocol Modifications for the DNS Security Extensions , 2005, RFC.

[9]  Daniel Massey,et al.  Protocol Modifications for the DNS Security Extensions RFC 4035 | NIST , 2005 .

[10]  Douglas Otis,et al.  Client SMTP Authorization (CSA) , 2005 .

[11]  Richard Mollin An introduction to cryptography , 2001, CRC Press series on discrete mathematics and its applications.

[12]  John C. Klensin,et al.  Simple Mail Transfer Protocol , 2001, RFC.

[13]  Meng Weng Wong,et al.  Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1 , 2006, RFC.

[14]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[15]  Tim Dierks,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[16]  Chris Newman,et al.  Using Digest Authentication as a SASL Mechanism , 2000, RFC.

[17]  George Lawton E-mail authentication is here, but has it arrived yet? , 2005, Computer.

[18]  Dave Crocker Certified Server Validation (CSV) , 2005 .

[19]  James H. Burrows,et al.  Secure Hash Standard , 1995 .

[20]  Lyndon Nerenberg The CRAM-MD5 SASL Mechanism , 2008 .

[21]  Murray S. Kucherawy,et al.  DomainKeys Identified Mail (DKIM) Signatures , 2011, RFC.

[22]  Emin Gün Sirer,et al.  Perils of transitive trust in the domain name system , 2005, IMC '05.

[23]  Jimmy McGibney,et al.  A Trust Overlay Architecture and Protocol for Enhanced Protection against Spam , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[24]  Quynh H. Dang,et al.  Secure Hash Standard | NIST , 2015 .

[25]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.1 , 2006, RFC.

[26]  Sajad Shirali-Shahreza,et al.  A New Anti-Spam Protocol Using CAPTCHA , 2007, 2007 IEEE International Conference on Networking, Sensing and Control.

[27]  Fulu Li,et al.  An Empirical Study of Clustering Behavior of Spammers and Group-based Anti-Spam Strategies , 2006, CEAS.

[28]  Carlos Maziero,et al.  A Trust Model for a Group of E-mail Servers , 2008, CLEI Electron. J..

[29]  Paul E. Hoffman,et al.  SMTP Service Extension for Secure SMTP over Transport Layer Security , 2002, RFC.