Policy-Controlled Email Services




Kaushik, Saket

Journal Title

Journal ISSN

Volume Title



The context for this research proposal is an area of work that seeks to replace the current state of access-control for email, in which an arbitrary message sender enjoys unregulated \append" access to message recipient's email mailbox, with a pol- icy framework, in which each principal involved in a message exchange - namely the sender, the sender's service provider, the recipient's service provider, and the recipient, can articulate its interests for regulating access to resources under its control. Though there exist a vast number of automatic control techniques to limit transmission of email messages, specifically, to stop unwanted messages reaching a recipient, they are still prone to dropping some desirable messages. This often prompts recipients and other principals to relax the message acceptance requirements. This in turn makes them easy targets for sending commercial or fraudulent mail. We propose a novel scheme to overcome this handicap. Our scheme makes the transmission mechanism aware of the documentation required with a message to make it acceptable downstream. For instance, if a recipient wishes to receive only those messages that have a monetary guarantee, also known as a bond, then the transmission system must be made aware of this fact so that desirable messages can satisfy this requirement. Consequently, recipients and other principals can express and enforce precise acceptance requirements, through explicit policies, and gain control over their resources. In addition to the problem of enforcing precise acceptance requirements in the transmission process, there exists no means of flexibly combining available email- control techniques tailored to the needs of a particular recipient or its service provider. This is the primary reason for the inability to express requirements suited to a particular individual. For instance, currently it is not possible to state a requirement like `allow messages, initiated by a human sender affiliated with George Mason University, even though the spam filter ranks them as possible spam'. In our view a policy-based approach is well-suited to attain this objective. The use of these control-techniques leads to significant deviation of behavior from what is prescribed in the current email delivery protocol. In other words, the protocol lacks significantly in representing the current delivery requirements. Clearly, it requires an overhaul to correspond to current requirements and reduce ambiguities during protocol play; a goal that we propose to research in this study. We propose using constraint logic programming (CLP) to articulate and evaluate different types of policies. This is because the way messages are constructed and acceptance conditions are evaluated, a CLP approach seems a natural way to model these operations. In addition, CLP approach promises to simplify the task of providing feedback for rejected messages, so that they can be revised and retransmitted. Since declarative policies can describe control on a very high-level, we also propose to study refinements of these high-level directives to protocol level actions.



Spam control, Network Security, Privacy, Policy evaluation