To evade blacklisting, the vast majority of spam email is sent from exploited MTAs (i.e., botnets) and with forged "From" addresses. In response, the anti-spam community has developed a number of domain-based authentication systems -- such as SPF and DKIM -- to validate the binding between individual domain names and legitimate mail sources for those domains. In this paper, we explore an alternative solution in which the mail recipient requests a real-time affirmation for each e-mail from the declared sender's MX of record. The "Occam" protocol is trivial to implement, offers authenticating power equivalent to SPF and DKIM and, most importantly, forces spammers to deploy and expose blacklistable servers for each domain they use during a campaign. We discuss the details of the protocol, compare its strengths and weaknesses with existing solutions and describe a prototype implementation in Sendmail.
The authors of these documents have submitted their reports to this technical report series for the purpose of non-commercial dissemination of scientific work. The reports are copyrighted by the authors, and their existence in electronic format does not imply that the authors have relinquished any rights. You may copy a report for scholarly, non-commercial purposes, such as research or instruction, provided that you agree to respect the author's copyright. For information concerning the use of this document for other than research or instructional purposes, contact the authors. Other information concerning this technical report series can be obtained from the Computer Science and Engineering Department at the University of California at San Diego, email@example.com.
[ Search ]