Network spam prevention
A report published in the EU has shown that spam has caused the loss of approximately 10 billion euros to global netizens a year ($ 9.36 billion), and the global netizens received approximately 500 million. In the report, the EU pointed out that the fee required for users to read or delete these spam emails is constantly rising. One of the most worrying problems on the Internet. How to prevent and stop spam generation and dissemination into one of the hot issues.
legal:
The first is a legal reason. At present, there are 18 states in the United States adopted the law of stop spam, and Europe has 16 countries through relevant laws. In this case, the spam sender, especially the occupation spam sender is facing more severe legal sanctions in these places. In China, there is currently no laws for spam. Although China Telecom has introduced the interim Measures for spam processing early in August 2000, the Beijing Municipal Administration for Industry and Commerce has been distributed in May 2000, "Notice on the Norms of the Behavius of Mail Sending Business Information", but as of now We have not found a case where it is subject to legal punishment because of sending spam. US spam organizations that are afraid to legally move to move the operation to China. Lin Fuded said: "We have found many spam gangs, such as 81832.com in China. Because they know, there is no Westerners to stop their (in China) activities. There is also a very famous spam gang, They use a mailbox called mrbill@btamail.net.cn, only in China.
protocol
The current email send protocol SMTP does not consider authenticating the sender when designing, so if a mail server that has just been added to any patch does not authenticate the sender. Due to the European and American, send spam may face a strict legal sanction, so spam organizations will choose an unparalleled server. In the West, due to anti-spam organization's efforts, most of the service chambers will warn and help their users to repair this vulnerability. Domestic ISP has rarely conduct such recommendations and help to users, so there are many machines in China. This situation is discovered and utilized by the US spam organization. We have a rough test for China Telecom, Korea Telecom, and the United States online IP. As a result, the number of machines that are not repaired in China is 1.6 times the South Korea, 34 times the United States.
management
The management of the mailbox server is not very standard, including application, sending, receiving, and filtering. In addition, China's network administrators communicate with foreign anti-spam organizations, which is also an important reason for the bonus of US spam senders in China. Almost all the anti-spam organizations that have been interviewed have complained that their complaints have never responded to the Chinese system administrator. Steve Linde said: "In the past three years, China Telecom ignores all complaints about spam. This is why the situation is like this poor main reason. We have received a complaint for a year. Everyone now knows that we have known that we have no other choice in addition to full shielding China Telecom. "Julian. Hayz is calm some:" I have seen a very responsible Chinese network administrator's reply, They have seriously handled the masked situation very seriously. But most of the Chinese network administrators are not the case, they are either free, or they don't understand English. "
solution
1, the combination of the email system and the PKI system.
From the structure, the email system and the PKI system have a large degree of similarity:
Public key
Mailbox address
Private key
Mailbox password
Encryption Algorithm
Remote mailbox server storage
signature
Display the source of the letter, send trust time
Integrity
Undeniable
If we use technical means to implement PKI's other features, we can realize an exciting feature that is unlikely to achieve, such as: certification structure
Certificate library
Certificate revocation
Cross-certification
Client software
Confidentiality
Certification
Integrity
Will not deny support
Safety timestamp
just
Safety time archive
In this way, we can not only implement secure email function, but also use the PKI's characteristics to ensure identification of user identity, so we guarantee that the manufacturer of spam is nowhere.
2, use the extended SMTP protocol
The extended SMTP protocol is called ESMTP. We use Login to log in as an example, and its process is
1 C: Auth login
2 s: 334 DXNLCM5HBWU6
3 C: DXNLCM5HBWU6
4 s: 334 CGFZC3DVCMQ6
5 C: CGFZC3DVCMQ6
6 s: 235 Authentication Success Eventful.
1 Send a authentication instruction to the server to the server.
2 The server returns the Base64 encoded string, the success code is 334. After the encoding string decodes, "UserName:", which requires the client to send the username.
3 The client sends a username encoded with Base64, here is "UserName:".
4 The server returns the Base64 encoded string, the success code is 334. After encoding a string decoding, it is "Password:", which shows that the client will send the user password.
5 The client sends a password encoded with Base64, here is "Password:".
6 After success, the server returns code is 235, indicating that the authentication can be sent.
Send a message on the ESMTP server, just like the POP3 server, you must present the user's account and password. If the account and password is incorrect, the ESMTP server refuses to send the message.
In this way, non-local registered users cannot mess with the ESMTP server to mess with the email. If it is found to be spoken by local users, the NMS will be targeted and sanctions immediately. When all E-mail providers use ESMTP, the security and effectiveness of the mail system will be greatly improved, and the user gradually moves away from spam.
3. Use digital cash protocol to realize anonymity and identification of emails
(1) Users prepare N-sheet anonymous application forms for a given number of email applications.
In different messages of users, there is a different application table version, and the same email contains the same application form.
Each application form contains a different random unique string x, x is sufficient enough, enough to make two strings that have the same opportunity to be minimal. There is also N to identify bit strings I1, I2, ..., in each application form. (On each application form is N different pairs.) Every of these pairs is generated as follows: Users create a given information that gives her name, address, and any administrator wants to see. String. Next, she divided it into two parts with a secret segmentation protocol. Then she submits each part using a bit submission protocol.
For example, I37 consists of two parts:
with
. Each portion is a bit submitted group that can be required to open, which correctly opens or verifies immediately. Any right like:
with
,but not
with
They will reveal the identity of the user.
Each application form looks like this:
Total: n
Unique string: x
Identification string: I1 = (i1L, I1R)
I2 = (i2L, I2R)
...
IN = (Inl, INR)
(2) The user hides all N-piece application forms with a blind signature protocol. She gives them all to the server. (3) The server requires the user to restore the random N-1 application form and confirm that they are qualified. The server checks the total, unique string and requires the user to present all authentication strings.
(4) If the server is satisfied with the attempt to deceive, it signs on the remaining hidden application form. The server gives the signature file of this hidden application form to the user and opens the user's email service.
(5) The user recovers this application form to send and receive emails through the email service that has already been opened.
(6) The receiver verifies the server's signature to confident that this email is legal.
(7) Receiver requires random interpretation of the left half or right half of each authentication string in the application form. In fact, the recipient gives the user a random N-bit selection string, B1, B2, ..., BN. The user is 0.0 or the left half or right half of the disclosure II according to BI.
(8) The user agreed.
(9) If the recipient thinks this is spam, he is holding this email to the bank.
(10) The server verifies this signature and checks its data to be confident that the email with the same unique string is not previously existed. If not, banks are in its database, and all identification information is noted, and is not spam.
(11) If this unique string is in the database, it compares the identifier string on the draft. Compared with its database. If the server knows that the recipient copys the email, trying to capture the user. If the bank knows that the user is copy it and makes spam. Since the second recipient of receiving this email is handed over to the user one and the first recipient different selection string, the bank finds a bit of a bit, on this bit, a recipient makes the user publicly left half. And another recipient allows the user to disclose the right half. The server is different or more than two halves to expose the identity of the user.
This is a quite charming agreement, so let us look at it from different angles.
Can users deceive? Her email is just a bit string so you can copy it, thereby manufacturing spam. The first time it does not have problems, she only needs to complete the agreement, all progress is smooth. The recipient gives her a random N-bit selection string in step (7), and the user will open the left half or of each II in step (8). In step (10), the server will record all of this data, along with the unique string of the message.
When she tries to send the same message for the second time, the recipient (the same recipient or another recipient) will give her a different random selection string in step (7). Users must agree in paragraph (8); not doing so, it is bound to remind the recipient to be doubtful. Now, when this recipient is sent to the server in step (10), the server immediately discovers that the electronic use of the same unique string has already existed. The bank is connected to all disclosed parts in the identification string. The two random selection strings are the same opportunity to be one of 2N, which is very small. Now, the server finds such a pair, half of which is disclosed for the first time, and the other half is disclosed. It gives these two half a day, and immediately get the user's name, so the server knows who tries to send the same message multiple times.
It should be noted that this agreement cannot allow users to do not perform spam production and spread, but it can almost certainly detect her deception. If the user is deceiving, she can't expose the identity. She is impossible to change the unique string or any identifier string, because the server's signature is no longer valid. This businessman will immediately realize this in step (6). Users may try to use a short-headed application to deceive the bank, and the identifier string on this application form does not leak her name, or it is best to have a draft of its identifier string to disclose other people's name. Her chance to make this fraud in step (3) is n. These are not impossible opportunities, but if you make a punishment is quite strict, users don't dare to trial. Alternatively, you can increase the number of excess application forms created in steps (1).
Can this reception deceived? His opportunity is even smaller. He also can't send this email twice; banks will find that the selection string is reused. He cannot unfold the user in a fabric, only users can open any identifier string.
What is the server? Can it know that it receives it from the receiver? The user is protected from the blind sign name protocols (2) to (5). Banks are unable to make judgments, even if it retains a complete record of each transaction. It is more important, the server and the receiver cannot know who the user is. As long as the user does not cause the complaints of multiple recipients, she can send mail completely anonymously.
Third parties can be deceived. If she steals the server's signature for the application and sends a lot of spam before the user discovers, the user will be considered a deceived. There is no way to prevent this; it is anonymous direct consequence.
The above agreement ensures an anonymous right of email users, but also prevents irresponsible spam from anonymity, because as long as there is a certain number of receivers to discover emails, you can transfer emails to manage Member, let him handle it. If it is punished enough, I believe that there will be no one will try it.
The problem of rubbish email can not be ignored, I believe that if we increase strength, combine technology, law and management, it will inevitably reduce or even eliminate spam production.
