Penny Black (research project)

The Penny Black Project is a Microsoft Research project that tries to find effective and practical ways of fighting spam. Because identifying spam consumes a recipient's time, the idea is to make the sender of emails "pay" a certain amount for sending them. The currency or the mode of payment could be CPU cycles, Turing tests or memory cycles. Such a payment would limit spammers' ability to send out large quantities of emails quickly.

The project's name is derived from the Penny Black, the world's first adhesive stamp used for prepaid postage.

Objective

The goal of the project is to move the cost of e-mail from the receiver to the sender. The general idea is that the sender must prove that they have expended a certain amount of effort specifically for the receiver and the message alone.

The project aims to devise a method to do this without introducing additional challenge-response mechanisms and third parties, and without requiring extra maintenance and updates, while retaining the current architecture of the e-mail system. [1]

Ticket server

One of the project's ideas was the "ticket server", a credit-based method for validating emails. Tickets would be required to perform actions, such as sending emails. There are three operations the ticket server provides: "request ticket", "cancel ticket", and "refund ticket".

The server would allow the user to request a ticket in exchange for a proof of work (expending CPU cycles on a computationally hard problem), for passing a Turing test, or even just for paying money. The server could also cancel a ticket. For example, after receiving an email with a ticket, the receiver could ask the server to cancel the ticket so that it cannot be reused. The person who cancels a ticket also has the option to refund the ticket to the sender, which gives the original sender a new ticket. For example, a user might refund a ticket that came with an email if it was not spam. [2]

Using this, friendly and trusted emails would have little to no cost as tickets would be frequently refunded. However, spammers would be required to invest either a lot of computing time or money in order to create enough tickets to send large numbers of e-mails.
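The three operations can be modelled in a few lines. This is an added sketch, not code from the Penny Black project or the cited paper; it assumes a SHA-256 leading-zero-bits puzzle as the proof of work, a `new_challenge` step, and a per-account credit counter to represent a refunded ticket, none of which are specified on this page.

```python
import hashlib
import secrets

DIFFICULTY_BITS = 12  # assumed work factor, kept low so the demo finishes quickly

def pow_ok(challenge: bytes, nonce: int, bits: int = DIFFICULTY_BITS) -> bool:
    """True if SHA-256(challenge || nonce) starts with `bits` zero bits."""
    digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def solve(challenge: bytes, bits: int = DIFFICULTY_BITS) -> int:
    """Sender side: brute-force a nonce (this is the cost being paid)."""
    nonce = 0
    while not pow_ok(challenge, nonce, bits):
        nonce += 1
    return nonce

class TicketServer:
    def __init__(self):
        self.challenges = {}  # outstanding challenge -> account it was issued to
        self.live = {}        # ticket -> sender account that paid for it
        self.cancelled = {}   # ticket -> (sender, canceller), kept to block reuse
        self.credit = {}      # account -> refunded tickets not yet re-issued

    def new_challenge(self, account: str) -> bytes:
        challenge = secrets.token_bytes(16)
        self.challenges[challenge] = account
        return challenge

    def request_ticket(self, account, challenge=None, nonce=0) -> str:
        if self.credit.get(account, 0) > 0:       # a refund pays for the ticket
            self.credit[account] -= 1
        elif (self.challenges.pop(challenge, None) != account
              or not pow_ok(challenge, nonce)):   # otherwise work is required
            raise PermissionError("no refund credit and no valid proof of work")
        ticket = secrets.token_hex(16)
        self.live[ticket] = account
        return ticket

    def cancel_ticket(self, ticket: str, canceller: str) -> None:
        if ticket not in self.live:               # unknown or already spent
            raise ValueError("ticket is not valid")
        self.cancelled[ticket] = (self.live.pop(ticket), canceller)

    def refund_ticket(self, ticket: str, canceller: str) -> None:
        entry = self.cancelled.get(ticket)
        if entry is None or entry[1] != canceller:
            raise PermissionError("only the canceller may refund, and only once")
        sender = self.cancelled.pop(ticket)[0]
        self.credit[sender] = self.credit.get(sender, 0) + 1
```

Each challenge is consumed on first use and each ticket can be cancelled only once, so neither a solved puzzle nor a delivered ticket can be replayed.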

Downfalls

One of the more obvious flaws is that this project cannot entirely stop spam. It only hopes to slow spam down enough that it is no longer cost-effective for spammers. Using these methods to reduce spam would also require the policies to be universal amongst mail clients.

Mass email that recipients actually want may also not work as intended. For example, subscribers to a particular email service may receive their emails with a significant delay, while the service becomes more expensive for the provider to run.

References

  1. Dwork, Cynthia; Goldberg, Andrew. "Common Misconceptions about Computational Spam-Fighting". Archived from the original on April 11, 2013. Retrieved February 12, 2013.
  2. Abadi, Martín; Birrell, Andrew; Burrows, Mike; Dabek, Frank; Wobber, Ted (2003). "Bankable Postage for Network Services" (PDF). pp. 3–4. Archived from the original (PDF) on March 4, 2016. Retrieved April 28, 2017.