Distributed Quota Enforcement for Spam Control

Michael Walfish, J.D. Zamfirescu, Hari Balakrishnan, David Karger, Scott Shenker
3rd USENIX Symposium on Networked Systems Design and Implementation (NSDI), San Jose, CA, May 2006

Spam, by overwhelming inboxes, has made email a less reliable medium than it was just a few years ago. Spam filters are undeniably useful but unfortunately can flag non-spam as spam. To restore email's reliability, a recent spam control approach grants quotas of stamps to senders and has the receiver communicate with a well-known quota enforcer to verify that the stamp on the email is fresh and to cancel the stamp to prevent reuse. The literature has several proposals based on this general idea but no complete system design and implementation that: scales to today's email load (which requires the enforcer to be distributed over many hosts and to tolerate faults in them), imposes minimal trust assumptions, resists attack, and upholds today's email privacy. This paper describes the design, implementation, analysis, and experimental evaluation of DQE, a spam control system that meets these challenges. DQE's enforcer occupies a point in the design spectrum notable for simplicity: mutually untrusting nodes implement a storage abstraction but avoid neighbor maintenance, replica maintenance, and heavyweight cryptography.

[PDF (322KB)] [PostScript (617KB)] [Gzipped PostScript (196KB)] [Presentation (203KB)]

Supplement to the conference paper: MIT CSAIL Tech Report 2006-033

Bibtex Entry:

   author =       "Michael Walfish and J.D. Zamfirescu and Hari Balakrishnan and David Karger and Scott Shenker",
   title =        "{Distributed Quota Enforcement for Spam Control}",
   booktitle =    {3rd USENIX Symposium on Networked Systems Design and Implementation (NSDI)},
   year =         {2006},
   month =        {May},
   address =      {San Jose, CA}