LOAF: Social SPAM Protection
There seems to be great interest in utilizing social networks, personal contacts, and related technologies to cut back on SPAM. Although there have always been white-list and challenge-response type solutions, these have undesirable effects for most people as they lock out too many potentially valid messages.
Many 2 Many reports on LOAF, a new e-mail extension designed to utilize personal contact lists as a filtering mechanism for SPAM messages. The best part is that, despite the sharing of contacts across individuals, the information remains in a format that does not compromise those contacts.
As the LOAF site describes the service:
LOAF creates and maintains a database of all your correspondents, defined as people to whom you have sent email at least once. Every time you send an email message, LOAF appends this information to the email message, using a format described further below. LOAF-enabled correspondents collect and store this information in their own local databases.
When you receive an email from an address you have not previously written to, LOAF checks to see if the email address is known to any of your existing correspondents. This essentially sorts incoming email into three categories:
1. Mail from complete strangers
   These are people whom you do not know, and who are also unknown to your correspondents.
2. Mail from partial strangers
   These are people you have never sent email to, but who have gotten email from at least one of your own correspondents. This email may deserve more attention, since at least one of your correspondents took the time to write back to the person.
3. Mail from people you know.
   This last category consists of people whom you have written to before. Presumably this is email you're most interested in, unless it's another forward from your mom.
Mail in category (2) can be further classified by counting how many correspondents you and the sender have in common. If the originating email appears in the address books of several of your correspondents, this may indicate a person with whom you have many connections. Insert standard social network theory here.
Source: LOAF via Many 2 Many, "LOAF: Social email filtering"
More interesting is the method that LOAF uses to determine the validity and viability of the sender. Messages are sent with a special LOAF attachment. The LOAF extension utilizes a Bloom filter, which essentially provides a way to test whether a piece of data is present in a set. I wish I understood the math, so I'll take their word for it. Here's what they say:
LOAF uses a special data structure called a Bloom filter, described below. To the unaided eye, the filter looks like a string of characters. It contains a specially hashed representation of the sender's correspondents list, a few thousand bytes in length.
It is computationally trivial to check whether a given address appears in the filter, but reconstructing the list of email addresses in the filter requires a brute-force attack. It is possible to infer the rough size of the address list from the proportion of 'on' bits in the filter, but this will give an inexact estimate.
Outgoing email is munged by an outgoing mail filter to include the LOAF filter, in the form of a MIME attachment. Every address on an outgoing message is automatically added to the database of correspondents, unless the user expressly flags the message.
Incoming email is analyzed for the attachment, and messages that fall into category (2) above are marked with the special flashing LOAF banner.
Every time an email arrives from a known correspondent, the corresponding entry in the local database is updated with the latest LOAF filter.
Source: LOAF
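The Bloom filter mechanics and the three-way sorting quoted above, as an added Python sketch that is not LOAF's own code. The filter size, hash count, SHA-256-based hashing and all function names are assumptions, since the page does not give LOAF's actual parameters or format.

```python
import hashlib
import math

M_BITS = 8192  # assumed filter size in bits; LOAF's real parameters are not on this page
K_HASHES = 5   # assumed number of hash functions

def _positions(address):
    """Yield K_HASHES bit positions from salted SHA-256 digests of the address."""
    norm = address.strip().lower().encode()
    for i in range(K_HASHES):
        digest = hashlib.sha256(bytes([i]) + norm).digest()
        yield int.from_bytes(digest[:8], "big") % M_BITS

def build_filter(addresses):
    """Hash a correspondents list into a fixed-size bit string."""
    bits = bytearray(M_BITS // 8)
    for address in addresses:
        for p in _positions(address):
            bits[p // 8] |= 1 << (p % 8)
    return bytes(bits)

def might_contain(bits, address):
    """Cheap membership test: False is definite, True can be a false positive."""
    return all(bits[p // 8] & (1 << (p % 8)) for p in _positions(address))

def estimate_size(bits):
    """Rough list size inferred from the proportion of 'on' bits."""
    on = sum(bin(b).count("1") for b in bits)
    return -(M_BITS / K_HASHES) * math.log(1 - on / M_BITS)

def classify(sender, my_correspondents, received_filters):
    """Return (category, shared_count) using the three categories quoted above."""
    if sender.strip().lower() in my_correspondents:
        return 3, 0  # someone I have written to
    shared = sum(might_contain(f, sender) for f in received_filters.values())
    return (2, shared) if shared else (1, 0)

# Constructed sample data: my own list plus filters received from two correspondents.
MY_CORRESPONDENTS = {"alice@example.org", "bob@example.org"}
RECEIVED_FILTERS = {
    "alice@example.org": build_filter(["carol@example.net", "dave@example.net"]),
    "bob@example.org": build_filter(["carol@example.net"]),
}

if __name__ == "__main__":
    for sender in ("alice@example.org", "carol@example.net", "spam@example.com"):
        print(sender, classify(sender, MY_CORRESPONDENTS, RECEIVED_FILTERS))
```

The shared count in category 2 is an upper bound: a Bloom filter never misses an address that was added, but it can report one that was not, with a probability that rises as the filter fills.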
Now this seems to be quite problematic in terms of the bandwidth bloat alone, but perhaps that's how ridiculous things have gotten that we need to essentially plastic