PANEL - Miracle Cures and Toner Cartridges: Finding Solutions to the Spam Problem

Chair: Michael Clifford, The Aerospace Corporation, USA
Daniel Faigin, The Aerospace Corporation, USA
Matthew Bishop, University of California, Davis, USA
Tasneem Brutch, Kaiser Permanente, USA

The exponential growth in unsolicited commercial e-mail, or spam, over the past several years has resulted in a degradation of e-mail as a useful medium for information interchange. Spam traffic wastes resources, drives up costs for access providers, and imposes a high social cost. Spam filtering systems often delete legitimate e-mail, resulting in a loss of e-mail as a reliable method of communication. Additionally, the lack of strong authentication in the current e-mail system provides a mechanism by which spammers can trivially spoof both their own identities and the identities of the hosts that they use to send their spam. Because spoofed addresses often point to real accounts, the legitimate owners of these accounts often lose access to their own mail services when the recipients of spam send messages to those accounts trying to remove themselves from a spammer's mailing list.

In many respects, spam could even be considered a denial of service attack against the entire Internet. As such, it represents a security issue not unlike those that typically face hosts and networks. Many possible solutions have been proposed to this problem, including government regulation of e-mail, the use of micropayments for e-mail transmission, low-level redesigns of the current mail transport system, the application of trust and authentication models, and the use of computationally intensive puzzles. Each of these possible solutions has a variety of advantages and disadvantages, although none appears to be a perfect solution. This panel will explore the problem of spam from a security perspective, whether or not e-mail should be regulated in some way to prevent spam, which, if any, of the proposed solutions should be adopted, and how such solutions could be deployed throughout the Internet given the presence of a pre-existing e-mail infrastructure.
