CentMail: Rate Limiting via Certified Micro-Donations

We present a plausible path toward adoption of email postage stamps--an oft-cited method for fighting spam--along with a protocol and a prototype implementation. In the standard approach, neither senders nor recipients gain by joining unilaterally, and senders lose money. Our system, called CentMail, begins as a charity fund-raising tool: Users donate $0.01 to a charity of their choice for each email they send. The user benefits by helping a cause, promoting it to friends, and potentially attracting matching donations, often at no additional cost beyond what they planned to donate anyway. Charitable organizations benefit and so may appeal to their members to join. The sender’s email client inserts a uniquely generated CentMail stamp into each message. The recipient’s email client verifies with CentMail that the stamp is valid for that specific message and has not been queried by an unexpectedly large number of other recipients. More generally, the system can serve to rate-limit and validate many types of transactions, broadly construed, from weblog comments to web links to account creation.
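
The stamp check described in the abstract can be sketched as follows. This is an added example, not code from the paper or the CentMail prototype; the `StampAuthority` class, the HMAC binding of a stamp to a message hash, and the per-stamp recipient limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


class StampAuthority:
    """Toy stamp service (hypothetical design, not CentMail's real protocol or API)."""

    def __init__(self, price_cents=1):
        self._key = secrets.token_bytes(32)  # server-side secret that binds stamps
        self._stamps = {}                    # stamp_id -> {"sender", "limit", "seen"}
        self.price_cents = price_cents
        self.donated_cents = {}              # charity -> running total in cents

    def _tag(self, stamp_id, message):
        # Bind the stamp id to a digest of this exact message.
        data = stamp_id.encode() + hashlib.sha256(message).digest()
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def issue(self, sender, charity, message, n_recipients):
        """Record one micro-donation and return a stamp valid only for `message`."""
        stamp_id = secrets.token_hex(16)     # uniquely generated per message
        self._stamps[stamp_id] = {"sender": sender, "limit": n_recipients, "seen": set()}
        self.donated_cents[charity] = self.donated_cents.get(charity, 0) + self.price_cents
        return stamp_id + ":" + self._tag(stamp_id, message)

    def verify(self, stamp, message, recipient):
        """Answer a recipient's query with 'valid', 'invalid' or 'overused'."""
        stamp_id, _, tag = stamp.partition(":")
        record = self._stamps.get(stamp_id)
        if record is None:
            return "invalid"                 # never issued
        expected = self._tag(stamp_id, message)
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return "invalid"                 # stamp was copied onto a different message
        record["seen"].add(recipient)        # count distinct recipients, not queries
        return "valid" if len(record["seen"]) <= record["limit"] else "overused"


def demo():
    ca = StampAuthority()
    msg = b"Subject: lunch?\r\n\r\nNoon at the usual place."  # constructed sample message
    stamp = ca.issue("alice@example.org", "Example Charity", msg, n_recipients=2)
    return ca, [
        ca.verify(stamp, msg, "bob@example.org"),
        ca.verify(stamp, msg, "carol@example.org"),
        ca.verify(stamp, b"Subject: unrelated bulk mail", "dave@example.org"),
        ca.verify(stamp, msg, "bob@example.org"),   # repeat query, same recipient
        ca.verify(stamp, msg, "eve@example.org"),   # third distinct recipient
    ]


if __name__ == "__main__":
    print(demo()[1])
```

Counting distinct recipients rather than raw queries keeps a legitimate recipient who re-checks a message from pushing the stamp over its limit.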
