Graduation Year

2005

Document Type

Thesis

Degree

M.S.Cp.E.

Degree Granting Department

Computer Science and Engineering

Major Professor

Dr Kenneth J Christensen.

Co-Major Professor

Co-adviser:

Keywords

Spam, Smtp, Sender payment, Networks, Spoofing

Abstract

A new authentication mechanism for validating the source of messages over the Internet is designed and evaluated. This mechanism is applied to email and is called Email++. Email++ prevents identity forging (spoofing) and tampering of email contents. By preventing identity forging, Email++ can reduce the amount of spam received and limit the spread of viruses like Melissa, Love Bug, Bagle Worm, and Killer Resume. Email++ validates both the sender and the receiver of an email by confirming the senders identity with the domain mail server that delivered the email for the sender, and authenticates the receiver with hash value comparisons. Email++ enables payment mechanisms, including micro-cash, and challenge response schemes that use puzzle solving. MD5 hash signatures generated both at the sender and the receiver locations are used for validating the senders identity and for making email tamper resistant in the network.

An out-of-band TCP connection established between the sender and the receiver is used as a communication channel for validating the sender as well as the senders email server. The information needed for establishing an out-of-band TCP connection is obtained by querying the DNS (Domain Naming System), instead of using email headers from the received mail, which are susceptible to spoofing. The Email++ technique is compared with existing anti spam and anti-spoof techniques like SPF, Yahoo Domain Keys, Microsoft Sender ID, TEOS and PGP. The Email++ specification is evaluated by developing both Email++ client and Email++ server programs in C language and using Sendmail 8.12 as the mail server. The performance of Email++ is compared with standard SMTP protocol implementation of Sendmail 8.12. Several factors are considered in evaluating the performance.

Share

COinS