To evade blacklisting, the vast majority of spam email is sent from exploited MTAs (i.e., botnets) and with forged “From” addresses. In response, the anti-spam community has developed a number of domain-based authentication systems – such as SPF and DKIM – to validate the binding between individual domain names and legitimate mail sources for those domains. In this paper, we explore an alternative solution in which the mail recipient requests a real-time affirmation for each email from the declared sender’s MX of record. The Occam protocol is trivial to implement, offers authenticating power equivalent to SPF and DKIM and, most importantly, forces spammers to deploy and expose blacklistable servers for each domain they use during a campaign. We discuss the details of the protocol, compare its strengths and weaknesses with existing solutions and describe implementation strategies.
Chris Fleizach, Geoffrey M. Voelker, Stefan Savage
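
A simplified in-memory model of the recipient-side check the abstract describes, added here as an illustration; it is not the Occam wire protocol or the authors' code. The class names, the use of a message ID plus SHA-256 body digest to identify a message, the verdict strings and the sample domains are all assumptions.

```python
import hashlib

def digest(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()

class SenderMX:
    """Model of a domain's MX of record: it remembers what it actually sent."""
    def __init__(self):
        self.sent = set()
    def record_outbound(self, msg_id, body):
        self.sent.add((msg_id, digest(body)))
    def affirm(self, msg_id, body_digest):
        return (msg_id, body_digest) in self.sent

class Recipient:
    def __init__(self, mx_records, servers):
        self.mx_records = mx_records   # constructed stand-in for DNS MX lookups
        self.servers = servers         # MX host -> SenderMX (stand-in for the network)
        self.blacklist = set()
    def check(self, from_addr, msg_id, body):
        domain = from_addr.rsplit("@", 1)[-1].lower()
        mx = self.mx_records.get(domain)
        if mx is None:
            return "reject: no MX"
        if mx in self.blacklist:
            return "reject: blacklisted MX"
        server = self.servers.get(mx)
        # Treating an unreachable MX as "not affirmed" is this model's choice.
        if server is None or not server.affirm(msg_id, digest(body)):
            return "reject: not affirmed"
        return "accept"

def run_demo():
    legit, spam_mx = SenderMX(), SenderMX()
    rcpt = Recipient({"example.org": "mx.example.org", "spam.example": "mx.spam.example"},
                     {"mx.example.org": legit, "mx.spam.example": spam_mx})
    legit.record_outbound("<1@example.org>", b"lunch at noon?")
    spam_mx.record_outbound("<9@spam.example>", b"buy now")
    results = [
        rcpt.check("alice@example.org", "<1@example.org>", b"lunch at noon?"),  # genuine
        rcpt.check("alice@example.org", "<2@example.org>", b"buy now"),  # bot forging From
        rcpt.check("promo@spam.example", "<9@spam.example>", b"buy now"),  # spammer's own MX
    ]
    rcpt.blacklist.add("mx.spam.example")  # the affirming server is now a blockable target
    results.append(rcpt.check("promo@spam.example", "<9@spam.example>", b"buy now"))
    return results

if __name__ == "__main__":
    print(run_demo())
```

The third and fourth results show the trade-off the abstract points to: affirmation authenticates the sending domain rather than judging its reputation, so a spammer's own domain passes until the MX that had to answer for it is blacklisted.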