Miracle Cures and Toner Cartridges: Finding Solutions to the Spam Problem


Citation

Paper

Bibliographic Information

Abstract

The exponential growth in unsolicited commercial e-mail, or spam, over the past several years has resulted in a degradation of e-mail as a useful medium for information interchange. Spam traffic wastes resources, drives up costs for access providers, and imposes a high social cost. Spam filtering systems often delete legitimate e-mail, resulting in a loss of e-mail as a reliable method of communication. Additionally, the lack of strong authentication in the current e-mail system provides a mechanism by which spammers can trivially spoof both their own identities, and the identities of the hosts that they used to send their spam. Because spoofed addresses often point to real accounts, the legitimate owners of these accounts often lose access to their own mail services when the recipients of spam send messages to those accounts trying to move themselves from a spammer's mailing list.

In many respects, spam could even be considered a denial of service attack against the entire Internet. As such, it represents a security issue not unlike those that typically face hosts and networks. Many possible solutions have been proposed to this problem, including government regulation of e-mail, the use of micropayments for e-mail transmission, low-level redesigns of the current mail transport system, the application of trust and authentication models, and the use of computationally intensive puzzles. Each of these possible solutions has a variety of advantages and disadvantages, although none appears to be a perfect solution. This panel will explore the problem of spam from a security perspective, whether or not e-mail should be regulated in some way to prevent spam, which, if any, of the proposed solutions should be adopted, and how such solutions could be deployed throughout the Internet given the presence of a pre-existing e-mail infrastructure.

Copyright Notice

©2003 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author’s copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
The definitive version was published in Proceedings of the 19th Annual Computer Security Applications Conference, Dec. 2003.