A New Anti-Spam Protocol Using CAPTCHA

Spam has become a major problem on the Internet, to the point that more than 80% of transferred emails are spam. As a result, various methods have been proposed to prevent it. One of these methods is CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). CAPTCHAs were developed to prevent automated account creation on sites that offer free email accounts. In this paper, a new user-authentication protocol is presented that uses a CAPTCHA to confirm that the user is a human. By authenticating users with this protocol, we can design secure mail servers that prevent zombie computers from sending spam through our server. The protocol is designed after the CRAM-MD5 protocol and has been implemented under SASL (Simple Authentication and Security Layer). It is easy to implement and offers high flexibility and versatility.
