Abstract:

In this paper, the author introduces an e-mail system that attempts to combat spam. The basis of this system is the SPA, or single-purpose address. An SPA is generated by the machine and encapsulates the user's policy concerning the correspondent to whom the address is sent. Thus, a user is able to generate an e-mail address tailored to his needs for each particular e-mail request from web sites, catalogs, etc. Each SPA can carry an expiration period, a valid-sender field, and other user-defined policy rules. The effect of this system would be to make the sale of a user's e-mail address to third parties, which generates spam in the majority of cases, pointless.

An SPA consists of two parts: the user's e-mail alias and the policy statement, which is MAC-ed and encrypted. Encryption is done using a private key known only to the e-mail sender. On the receiving end, SPA mail is checked for validity by the receiving program and, if it is valid, sent to the user's mailbox. The author discusses his implementation of the system, including the formatting of the SPA, the encryption rules for the policy part of the SPA, and the modifications to the MTA (mail transport agent) necessary to force correct formatting of the e-mail headers on the receiving end.
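The receiving-side validity check described above, as an added sketch that is not the paper's implementation: it covers only the MAC and policy enforcement and leaves the encryption layer out. The `alias+token` layout, the key, the tag length and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, struct

KEY = b"constructed-demo-key"  # constructed; stands in for the owner's secret key
TAG_LEN = 10                   # assumed: HMAC-SHA256 truncated to 10 bytes

def _mac(alias, policy, key):
    return hmac.new(key, alias.encode() + b"\0" + policy, hashlib.sha256).digest()[:TAG_LEN]

def make_spa(alias, domain, expires, sender_domain, key=KEY):
    """Return alias+token@domain, token = base32(expiry || sender domain || MAC)."""
    policy = struct.pack(">I", expires) + sender_domain.lower().encode("ascii")
    token = base64.b32encode(policy + _mac(alias, policy, key)).decode()
    return f"{alias}+{token.rstrip('=').lower()}@{domain}"

def check_spa(rcpt, mail_from, now, key=KEY):
    """Receiving-side check: return (accepted, reason)."""
    alias, sep, token = rcpt.partition("@")[0].partition("+")
    if not sep:
        return False, "not an SPA"
    try:
        blob = base64.b32decode(token.upper() + "=" * (-len(token) % 8))
    except ValueError:  # covers binascii.Error (bad alphabet or padding)
        return False, "malformed token"
    if len(blob) < 4 + TAG_LEN:
        return False, "malformed token"
    policy, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    # Verify the MAC before trusting any policy field.
    if not hmac.compare_digest(tag, _mac(alias, policy, key)):
        return False, "bad MAC"
    expires = struct.unpack(">I", policy[:4])[0]
    allowed = policy[4:].decode("ascii")
    if now > expires:
        return False, "expired"
    # mail_from is whatever the SMTP client claimed; it is not authenticated here.
    if allowed and mail_from.rpartition("@")[2].lower() != allowed:
        return False, "sender not allowed"
    return True, "ok"

if __name__ == "__main__":
    addr = make_spa("alice", "example.org", 1_700_000_000, "shop.example")  # constructed values
    print(addr)
    print(check_spa(addr, "orders@shop.example", 1_699_999_000))
    print(check_spa(addr, "orders@shop.example", 1_700_000_001))
    print(check_spa(addr, "bulk@other.example", 1_699_999_000))
```

Because the policy travels inside the address and is bound by the MAC, the receiver needs no per-address state, but changing a policy means issuing a new address.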

Cons:

- It is not difficult to forge SMTP headers, so a spammer who knows the domain name associated with a SPA has a good chance of getting his spam delivered.

- Policies cannot be modified or revoked easily once an address is handed out.

- The non-trivial MTA/MUA configuration requirements may prevent this system from being widely deployed.

- References are mostly websites and RFCs.

- Some statements are offered without proof of their correctness or reference to other papers.

- A good alternative is white-listing, which is much more easily implemented.

Pros:

- easy, straightforward and somewhat transparent solution.

- allows different emails to be used for different purposes. This is very practical, e.g. on eBay you probably need your email to be valid only for the duration of the auction, etc.

- supports flexible policies that are embedded within the email address and can be verified and enforced in a transparent manner.

- provides some level of privacy. By encrypting the policy, others will not be able to figure out the rules associated with the email address.

- provides some amount of traceability. If a spammer gets a hold of your email, you can identify who "sold" the information.