Author_Institution :
Dept. Appl. Inf., Hosei Univ., Tokyo, Japan
Abstract :
Email spam is one of the social problems we face every day. Another related and crucial problem is the massive spam sent from legitimate home computers compromised by the malware known as a bot. Although schemes for identifying email senders are powerful weapons against spam and spamming bots, the current major schemes, such as DomainKeys Identified Mail (DKIM), cannot identify spamming bots, since they identify the email domains, but not the email addresses, of senders. Moreover, these schemes are not necessarily easy for users of home computers to benefit from, because the records authorizing the domains to send emails have to be registered in the Domain Name System (DNS) beforehand, and home users may not be able to register the records for lack of the necessary knowledge. In addition, the DNS has some vulnerabilities to attacks such as pharming. To cope with the problems above, this paper presents a scheme for identifying the email addresses of senders that uses no DNS and hence is easy to register for home users as well. We embed our scheme into the Simple Mail Transfer Protocol (SMTP). A subtle problem when using no DNS is where to locate our trusted core in place of the DNS. In our scheme, an authorizer, i.e., an email service provider to which the home users subscribe or the administrator of an organization's email system, registers a one-time secret in the deposit agents, i.e., our trusted core, which are the hosts trusted by and local to the authorizer. We evaluate our scheme by analyzing its usability, security, performance overhead, and so on.
Keywords :
Internet; invasive software; multi-agent systems; protocols; unsolicited e-mail; bot; domain keys identified mail; domain name system; e-mail sender identification; email domain identification; email service provider; email spam; legitimate home computers; malware; pharming; simple mail transfer protocol; social problems; trusted local deposit-agents; Authorization; Computers; Electronic mail; Organizations; Protocols; Registers; Servers; SMTP; Spam; authorization; bot; deposit server; identification; key establishment; trust;