
1 Introduction

Unsolicited Commercial Emails (UCEs), also commonly called ``spam'', represent a serious problem to most Internet users, who are constantly bombarded with all sorts of scams, promotions, and offensive material. This situation has prompted the creation of many different tools to eliminate the problem, with varying degrees of success.

The most common way to deal with spam is to parse incoming mails and decide whether they should be delivered or not based on their contents. Reasonable results have been obtained with this technique, but the complexity and diversity of human languages make it a difficult task. Such content filtering tools propose to attack one of the weak spots in spam: the message content itself.

The effectiveness of such tools can be drastically reduced when the incoming mail employs an unknown language or even an unknown character set. Also, cleverly crafted emails may never be detectable as the difference between those and perfectly valid emails is subtle.

Active Spam Killer (ASK) proposes to attack a different weak spot in the spam chain: the validity of the sender's email address. When a message from an unknown origin is received, a challenge (also known as a confirmation message) is sent back to the mail originator. This message contains brief instructions to the sender on how to get authenticated into the system and cause delivery of the original message. The confirmation message is crafted in such a way that a simple reply keeping the ``Subject'' line intact will suffice. The confirmation message also contains a unique MD5 [16] hash computed by combining the contents of the original email with a secret key known only to the recipient. This prevents false confirmation returns as the code is based on the unique characteristics of the receiver.

The message remains stored in the pending mail queue until a confirmation return is received (a reply to the confirmation message with the MD5 hash in the ``Subject'' header). When that happens, ASK checks the pending mail queue for a message whose MD5 signature matches the one in the confirmation return. If found, the original message is delivered from the pending mail queue and the sender's email address is automatically added to the whitelist. This sender has now been validated and all future messages from this address will be immediately delivered.
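The challenge and confirmation-return cycle described above can be sketched as follows. This is an added illustration, not ASK's own code: the class and method names, the subject wording, and the way the key and message are combined (plain concatenation) are assumptions, and the sample message is constructed.

```python
import hashlib
import re

SECRET_KEY = b"constructed-demo-secret"   # assumption: known only to the recipient
TOKEN_RE = re.compile(r"\b[0-9a-f]{32}\b")  # an MD5 hex digest inside a Subject line


class ChallengeQueue:
    """Hypothetical model of the pending mail queue and whitelist."""

    def __init__(self, secret):
        self.secret = secret
        self.pending = {}       # token -> (sender, original raw message)
        self.whitelist = set()

    def token_for(self, raw_message):
        # Assumption: key and message are concatenated before hashing.
        # A new design would use HMAC with a modern hash instead of bare MD5.
        return hashlib.md5(self.secret + raw_message).hexdigest()

    def receive(self, sender, subject, raw_message):
        """Return (action, payload) for one incoming message."""
        sender = sender.lower()
        if sender in self.whitelist:
            return ("deliver", raw_message)
        match = TOKEN_RE.search(subject)
        if match and match.group(0) in self.pending:
            # Confirmation return: release the stored mail, validate its sender.
            orig_sender, original = self.pending.pop(match.group(0))
            self.whitelist.add(orig_sender)
            return ("deliver", original)
        # Unknown sender, or a token that matches nothing: queue and challenge.
        token = self.token_for(raw_message)
        self.pending[token] = (sender, raw_message)
        return ("challenge", f"Please confirm your message [{token}]")


if __name__ == "__main__":
    queue = ChallengeQueue(SECRET_KEY)
    mail = b"From: alice@example.org\r\nSubject: hello\r\n\r\nHi there\r\n"  # constructed
    action, challenge_subject = queue.receive("alice@example.org", "hello", mail)
    print(action, challenge_subject)
    # The sender replies, leaving the Subject line intact.
    print(queue.receive("alice@example.org", "Re: " + challenge_subject, b"ok"))
```

A token that was not issued by this queue matches no pending entry, so the message carrying it is treated as new mail from an unknown sender and is challenged in turn.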

The sender's address can also be added to two other lists: the ignorelist and the blacklist. The first causes emails to be silently ignored while the second not only ignores the email but also sends a message back to the originator explaining that future emails coming from this address are blocked.

This challenge-authentication scheme guarantees that delivered emails always come from valid senders. Unwanted (but technically valid) senders can be easily ignored as they offer a simple key to their detection: their own email addresses.

Although an auto-responder could be used to defeat this method, this is unlikely as it would expose the sender to legal complications, account and service cancellations, and a fairly large number of "Invalid Address" response messages during normal operation.

The rest of this paper is organized as follows: Section 2 provides background information on popular anti-spam techniques. Section 3 details ASK's design and operation. Section 4 compares the effectiveness of ASK against other anti-spam tools. Section 5 surveys other challenge-based solutions. Finally, Section 6 presents our conclusions and future work.

Marco Paganini 2003-04-07