An anti-spam scheme using pre-challenges

Rodrigo Roman b,*, Jianying Zhou a, Javier Lopez b

a Institute for Infocomm Research, 21 Heng Mui Keng Terrace, Singapore 119613, Singapore
b E.T.S. Ingenieria Informatica, University of Malaga, 29071 Malaga, Spain

Available online 4 January 2006

Abstract

Unsolicited Commercial Email, or Spam, is nowadays an increasingly serious problem to email users. A number of anti-spam schemes have been proposed in the literature and some of them have been deployed in email systems, but the problem has not yet been well addressed. One of those schemes is challenge-response, in which a challenge, ranging from a simple mathematical problem to a hard-AI problem, is imposed on an email sender in order to prevent machine-based spam from reaching receivers' mailboxes. However, such a scheme introduces new problems for the users, e.g., delay of service and denial of service. In this paper, we introduce the pre-challenge scheme, which is based on the challenge-response mechanism and takes advantage of some features of email systems. It assumes each user has a challenge that is defined by the user himself/herself and associated with his/her email address, in such a way that an email sender can simultaneously retrieve a new receiver's email address and challenge before sending an email in the first contact. Some new mechanisms are employed in our scheme to reach a good balance between security against spam and convenience to normal email users. Our scheme can also be used for protecting other messaging systems, like Instant Messaging and Blog comments.

© 2006 Published by Elsevier B.V.

Keywords: Electronic mail; Anti-spam; Internet security

1. Introduction

Email is one of the most valuable tools for Internet users nowadays. Unlike postal mail, email allows people living at any place of the Earth to communicate and interchange information almost instantaneously.
It can contain and attach any digital information (from plaintext to complex objects), and the cost of transmission of a single message is minuscule once the infrastructure costs are paid. However, the vulnerabilities and flaws in email protocols allow malicious users to send Unsolicited Commercial Email (UCE), or Spam. It can be defined as advertising messages (mostly for fraudulent products) neither expected nor desired by the intended receivers. Since it is very easy to flood users' mailboxes with little investment, spam is a big threat to email systems, resulting in the loss of time and money to email users.

A lot of research in the area of anti-spamming has been done in the past years. From statistical analysis to challenge-response, researchers tried to seek effective solutions to the spam problem. One of those solutions is challenge-response, which applies an old idea from Internet protocols to mail systems: when a sender sends an email to a receiver, he/she is given a challenge from that receiver which must be solved before the email reaches the receiver's mailbox. However, challenge-response schemes introduce some new problems for the users such as delay of service (when a sender waits for the arrival of the challenge from a receiver) and denial of service (when challenges are redirected to a victim's address if spammers use that victim's address as the source address).

1.1. Our contribution

In this paper, we propose a pre-challenge scheme, which is based on challenge-response mechanisms, preserving their benefits while avoiding their drawbacks (e.g., management

Computer Communications 29 (2006) 2739–2749
www.elsevier.com/locate/comcom
0140-3664/$ - see front matter © 2006 Published by Elsevier B.V.
doi:10.1016/j.comcom.2005.10.037
* Corresponding author. E-mail address: roman@lcc.uma.es (R. Roman).