Trustnet architecture for e-mail communication

David Pölz, University of Vienna, Research Lab Computational Technologies and Applications, Lenaugasse 2/8, A-1080 Vienna, Email: david.poelz@univie.ac.at

Wilfried N. Gansterer, University of Vienna, Research Lab Computational Technologies and Applications, Lenaugasse 2/8, A-1080 Vienna, Email: wilfried.gansterer@univie.ac.at

Abstract—In this paper we discuss a new architecture to reduce unsolicited e-mail messages. We propose a system architecture that introduces two classes of messages: trusted e-mail and e-mail from untrusted sources. Trusted e-mail messages carry an S/MIME signature. To address the usability problems that previously hampered S/MIME signatures, outgoing e-mail messages are signed automatically on the e-mail server without any user interaction. Validation of the signature by the receiving server classifies the message as either trusted or untrusted, which lets the receiver apply additional security checks to untrusted messages and omit those checks for trusted messages. A comparison of the proposed system with a common setup using spam and anti-virus filtering shows that the trustnet architecture not only reduces processing time but also significantly reduces the amount of data transferred.

I. INTRODUCTION

E-mail has become one of the most widely used applications on the Internet. Although nearly everybody uses it, a few annoyances hinder efficient use of this medium. Unsolicited bulk e-mail ("spam") has become very common. Lately, these unsolicited messages have evolved from a mere annoyance into a threat to the user: phishing messages are sent to harvest private data, and viruses are spread via e-mail. This reduces users' trust in an otherwise convenient communication medium. Many users are unfortunately not aware of these shortcomings or do not know how to counter these threats.
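The two-class flow sketched in the abstract (automatic S/MIME signing on the sending server, signature and membership validation on the receiving server) as an added example; this is demo code written for this page, not the paper's implementation. It assumes a single community CA that certifies members, two hypothetical senders (alice@example.org certified by the community CA, mallory@example.net certified by an unrelated CA), constructed message bodies, and the openssl command-line tool (1.1.1 or 3.x); all files live in a temporary directory.

```shell
#!/bin/sh
# Added example, not the paper's code: a sending MTA signs outgoing mail with
# the sender's S/MIME certificate and a receiving MTA classifies incoming mail
# as "trusted" or "untrusted". The community CA, the members and all
# addresses are assumptions for this demo; everything runs offline.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal openssl config so the demo does not depend on the system openssl.cnf.
cat > "$WORK/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# make_ca <name> <common name>: self-signed root of one trust community
make_ca() {
  openssl req -x509 -config "$WORK/openssl.cnf" -extensions ca_ext \
    -newkey rsa:2048 -nodes -sha256 -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_cert <name> <email> <ca>: personal S/MIME signing certificate
issue_cert() {
  openssl req -new -config "$WORK/openssl.cnf" -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=$1/emailAddress=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  printf 'keyUsage=critical,digitalSignature\nextendedKeyUsage=emailProtection\nsubjectAltName=email:%s\n' \
    "$2" > "$WORK/$1.ext"
  openssl x509 -req -sha256 -days 1 -in "$WORK/$1.csr" -CA "$WORK/$3.crt" -CAkey "$WORK/$3.key" \
    -CAcreateserial -extfile "$WORK/$1.ext" -out "$WORK/$1.crt" 2>/dev/null
}

# sign_outgoing <member> <from> <to> <body-file> <out-file>: what the sending
# server does for every outgoing message, with no user interaction
sign_outgoing() {
  openssl smime -sign -text -in "$4" -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" \
    -from "$2" -to "$3" -subject "Quarterly figures" -out "$5" 2>/dev/null
}

# classify <message-file>: receiving-server check, prints "trusted" or "untrusted".
# Only the community CA is trusted (-no-CAfile/-no-CApath keep the system
# bundle out of it), and the certified address must equal the From: header.
classify() {
  signer="$WORK/signer.pem"; rm -f "$signer"
  if ! openssl smime -verify -in "$1" -CAfile "$WORK/community.crt" \
         -no-CAfile -no-CApath -signer "$signer" -out /dev/null 2>/dev/null; then
    echo untrusted; return 0
  fi
  from=$(sed -n 's/^From: *//p' "$1" | head -n 1 | tr -d '\r')
  if openssl x509 -in "$signer" -noout -email | grep -qxF "$from"; then
    echo trusted
  else
    echo untrusted
  fi
}

make_ca community "Trustnet Community CA"
make_ca outsider  "Unrelated CA"
issue_cert alice   alice@example.org   community
issue_cert mallory mallory@example.net outsider
printf 'The quarterly figures are attached.\n' > "$WORK/body.txt"   # constructed body

sign_outgoing alice   alice@example.org   bob@example.com "$WORK/body.txt" "$WORK/m1.eml"  # member
sign_outgoing mallory mallory@example.net bob@example.com "$WORK/body.txt" "$WORK/m2.eml"  # outsider CA
sign_outgoing alice   carol@example.org   bob@example.com "$WORK/body.txt" "$WORK/m3.eml"  # From: != certificate
printf 'From: alice@example.org\nTo: bob@example.com\nSubject: hi\n\nno signature at all\n' > "$WORK/m4.eml"
sed 's/quarterly/doctored/' "$WORK/m1.eml" > "$WORK/m5.eml"                               # tampered in transit

for m in m1 m2 m3 m4 m5; do
  printf '%s: %s\n' "$m" "$(classify "$WORK/$m.eml")"
done
```

Only m1 is classified as trusted; the outsider-signed, mis-addressed, unsigned and tampered messages all fall into the untrusted class and would get the full spam and anti-virus treatment. The -no-CAfile/-no-CApath flags matter: the trust community is defined by the community CA alone, and the system's browser CA bundle must not be able to vouch for a sender. The From: comparison closes the gap where a valid member signs mail that claims another address; a production receiver would also check revocation (CRL or OCSP) before treating a message as trusted.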
The possibility to sign and encrypt e-mail messages has existed for many years, but it has not been accepted by a broader user community because of usability problems. It is therefore necessary to build a security layer that is transparent and almost invisible to the end user. This paper presents such a software architecture, which provides more security for the end user and additionally reduces the cost of spam and anti-virus filtering for e-mail service providers.

The architecture proposed in this paper is based on a trust system between e-mail service providers. Every member of this trust community has a personal X.509 certificate and signs every outgoing e-mail message with it (S/MIME), so that the receiver can validate whether the sender is who he claims to be. A further validation of the certificate reveals whether the sender is a member of the trust community; thus the handling of trusted e-mail can be prioritized over untrusted e-mail.

II. RELATED WORK

Most current anti-spam methods concentrate on filtering spam after delivery of the message. Post-send measures such as rule-based systems, blacklists and Bayesian filters address the spam problem at this stage. Rule-based systems were effective at the beginning of the spam era, but spammers soon adapted to the rules and adjusted their messages to circumvent this kind of filter. Another method to block unsolicited e-mail is blacklists (e.g. DNSBL¹, SBL², PBL³, ...). Keeping such lists up to date is very time consuming. Furthermore, extensive evaluations of blacklists showed that the IP addresses in these lists are used by spammers only for a very short time; more specifically, 90% of the listed IPs are used for only three days of spam delivery [1]. A further disadvantage of blacklists is that a dynamic IP address can later be reassigned to a legitimate mail server, which is then wrongly blacklisted.
Blacklists are also quite traffic intensive because of regular updates and the huge number of listed IP addresses. Bayesian filters were a reliable anti-spam method for some time, but obfuscation techniques and randomized spam messages have decreased their efficiency, and they need regular retraining. Recent commercial and open source anti-spam filters such as SpamAssassin⁴ use a combination of the filtering techniques mentioned above. A machine learning based method for classifying e-mail messages, with special attention to dangerous phishing messages that closely resemble legitimate ham messages, was presented in [2]. A more general framework that intercepts e-mail messages before they are delivered was proposed in [3]. It temporarily blocks incoming messages by greylisting; an additional reputation system minimizes the drawback of greylisting (delayed delivery) and ensures timely delivery of the messages.

Pre-send measures block unsolicited e-mail messages before they are actually sent. In [4] a method was suggested that blocks spam before the message is sent by requiring a human interactive proof (HIP) for every sent message, which raises the spammer's cost per message. Another way to impose additional costs

¹ http://www.heise.de/ix/nixspam/dnsbl/
² http://www.spamhaus.org/sbl/
³ http://www.spamhaus.org/pbl/
⁴ http://spamassassin.apache.org/

20th International Workshop on Database and Expert Systems Application, 1529-4188/09 $25.00 © 2009 IEEE, DOI 10.1109/DEXA.2009.52