ABSTRACT
Current email-control mechanisms, though highly effective, are pro-ne to dropping desirable messages. This can be attributed to their coarseness in filtering out undesirable messages from desirable ones. As a result policies to control undesirable messages are often overly permissive. To allow policies to be more restrictive, the transmission mechanism must be made aware of the ways to document a message so that it is acceptable downstream, thus giving the senders a chance of meeting those requirements. In this work, we design a scheme to enable rejected, but desirable messages to be upgraded in a way that they meet downstream requirements. We call this process 'message refinement'. This in turn allows downstream principals to express and enforce precise requirements as the risk of losing desirable messages is minimized. To apply this scheme uniformly to any email-control mechanism, we provide a flexible and extensible policy language to express message acceptance preferences. We use a constraint logic programming approach to specifying and evaluating these policies and show that their evaluation can be accomplished in PTIME. This supports our belief that this technique can be practically applied.
- E. Allman. The economics of spam. http://www.acmqueue.com/modules.php?name=Content&pa=showpage&pid=108. Google ScholarDigital Library
- S. Chhabra, W. S. Yerazunis, and C. Siefkes. Spam filtering using a markov random field model with variable weighting schemas. In ICDM'04: Fourth IEEE International Conference on Data Mining, To appear 2004. Google ScholarDigital Library
- R. Clayton. Stopping spam by extrusion detection. In CEAS 2004: First Conference on Email and Anti-Spam, July 2004.Google Scholar
- R. Dai and K. Li. Shall we stop all unsolicited email messages? In CEAS 2004: First Conference on Email and Anti-Spam, July 2004.Google Scholar
- Danisch.de: Defense against spam and E-Mail forgery. http://www.danisch.de/work/security/antispam.html.Google Scholar
- Distributed Checksum clearinghouse. http://rhyolite.com/anti-spam/dcc/.Google Scholar
- C. Dwork, A. Goldberg, and M. Naor. On memory-bound functions for fighting spam. In CRYPTO'03: Advances in cryptology, 2003.Google ScholarCross Ref
- C. Dwork and M. Naor. Pricing via processing or combatting junk mail. In CRYPTO'92: Advances in cryptology, 1992. Google ScholarDigital Library
- Email Service Provider Coalition. Project Lumos. http://www.networkadvertising.org/espc/lumos_white_paper.asp, Sept 2003.Google Scholar
- F. Fages. Constructive negation by pruning. Journal of Logic Programming, 32/2, 1997.Google Scholar
- A. Gray and M. Haahr. Personalized collaborative spam filtering. In CEAS 2004: First Conference on Email and Anti-Spam, July 2004.Google Scholar
- T. X. R. Group. The XSB programming system. http://xsb.sourceforge.net/.Google Scholar
- R. Haskins and D. Nielsen. Slamming Spam: A guide for system administrators. Addison Wesley, December 2004. Google ScholarDigital Library
- J. Jaffar and M. J. Maher. Constraint logic programming: A survey. Journal of Logic Programming, 19/20:503--581, 1994.Google ScholarCross Ref
- S. Kaushik, P. Ammann, D. Wijesekera, W. Winsborough, and R. Ritchey. A policy driven approach to email services. In IEEE 5th International Workshop on Policies for Distributed Systems and Networks, New York, June 2004. Google ScholarDigital Library
- K. Li, C. Pu, and M. Ahamad. Resisting spam delivery by tcp damping. In CEAS 2004: First Conference on Email and Anti-Spam, July 2004.Google Scholar
- N. Li and J. C. Mitchell. Datalog with constraints: A foundation for trust management languages. In Proceedings of the Fifth International Symposium on Practical Aspects of Declarative Languages (PADL 2003), pages 58--73. Springer, Jan. 2003. Google ScholarDigital Library
- T. Loder, M. V. Alstyne, and R. Wash. An economic solution to the spam problem. In 5th ACM conference on Electronic Commerce, 2004. Google ScholarDigital Library
- E. Michelakis, I. Androutsopoulos, G. Paliouras, G. Sakkis, and P. Stamatopoulos. Filtron: A learning-based anti-spam filter. In CEAS 2004: First Conference on Email and Anti-Spam, July 2004.Google Scholar
- M. Naor. Verification of a human in the loop or identification via the turing test. http://www.wisdom.weizmann.ac.il/~naor/ PAPERS/human_abs.html, 1996.Google Scholar
- Procmail. ftp://ftp.procmail.net/.Google Scholar
- Realtime Blackhole List. http://www.kelkea.com/.Google Scholar
- P. Resnick, R. Zeckhauser, E. Friedman, and K. Kuwabara. Reputation systems. Communications of the ACM, 43(12):45--48, December 2000. Google ScholarDigital Library
- Sender Policy Framework. http://spf.pobox.com.Google Scholar
- Simple Mail Transfer Protocol. RFC 2821, Apr 2001.Google Scholar
- Spam URI Realtime Blocklist. http://surbl.org/.Google Scholar
- Spamassassin. http://useast.spamassassine.org/.Google Scholar
- SpamNet. http://www.cloudmark.com.Google Scholar
- T. Tomkins and D. Handley. Giving email back to the users: using digital signatures to solve the spam problem. First Monday, 8(9), September 2003.Google Scholar
- B. Watson. Beyond identity: Addressing problems that persist in an electronic mail system with reliable sender identification. In CEAS 2004: First Conference on Email and Anti-Spam, July 2004.Google Scholar
- W. S. Yerazunis. Sparse binary polynomial hashing and the CRM114 discriminator. In 2003 Cambridge Spam Conference Proceedings, 2003.Google Scholar
- B. Yu and M. P. Singh. Detecting deception in reputation management. In Proceedings of Second International Joint Conference on Autonomous Agents and Multi-Agent Systems, pages 73--80, 2003. Google ScholarDigital Library
Index Terms
Email feedback: a policy-based approach to overcoming false positives
Recommendations
A model-integrated authoring environment for privacy policies
Privacy policies are rules designed to ensure that individuals' health data are properly protected. Health Information Systems (HIS) are legally required to adhere to these policies. Since privacy policies are imposed on complex software systems, it is ...
Flexible access control policy specification with constraint logic programming
We show how a range of role-based access control (RBAC) models may be usefully represented as constraint logic programs, executable logical specifications. The RBAC models that we define extend the "standard" RBAC models that are described by Sandhu et ...
Comments