An SSL-based client-oriented anti-spoofing email application

Spoofing is a very common security threat to email applications. Several powerful techniques have been developed to counteract spoofing, but most of them are server-oriented and transparent to the user. In this paper a client-oriented Secure Socket Layer (SSL)-based anti-spoofing application is proposed. This application allows a client to send trusted emails and authenticate received emails using the SSL protocol. The application has been developed in Java and it provides users with a table populated with details of all devices on a subnet. It uses cryptographic self-signed certificates to exchange a secure authentication message alongside the email with a view to prevent spoofing. The application has been tested on devices within the same subnet and it successfully authenticated valid email messages and detected spoofed ones. The main advantages of this application are the incorporation of SSL, its user-friendliness and its ability to allow users to use anti-spoofing measures independently of an email server.