Identity based email sender authentication for spam mitigation

The elimination of unsolicited bulk email, also known as spam, is still a largely unsolved problem. Accounting for the vast majority of emails transmitted, spam is an annoyance and a potential security issue for users, and moreover a superfluous burden on the internet. Despite the maturity of today's email infrastructure, it is difficult to ensure the authenticity of the sender address of inbound mail. Spammers use this shortcoming to bypass existing spam protection systems, and it also poses a security risk to users. As a result, a vast majority of spam emails today are sent from botnets with forged sender addresses. This has led researchers over the years to develop email sender authentication mechanisms as a promising way to verify the identity of senders. In this paper we introduce iSATS, a new email sender authentication system based on identity-based public key cryptography. iSATS leverages an identity-based signature scheme to provide a reliable and easy way to bind the identity of a legitimate sender unambiguously to their emails. Unlike popular existing solutions such as SPF and DKIM, it is hard for spammers to adopt iSATS. Evaluation of the prototype implementation shows promising performance with low processing overhead on different computational setups.
