Improving Email Trustworthiness through Peer-to-peer Sender Authentication

Vivek Pathak

The increasing use of email for phishing and unsolicited marketing has reduced the trustworthiness of email as a communication medium. Sender authentication is a known defense against these attacks. The existing proposals for sender authentication require infrastructural support or break compatibility with the mail transport protocol. We propose, implement, and evaluate Peer-to-Peer Sender Authentication, an incrementally deployable and backward compatible sender authentication mechanism for email. The mechanism is implemented entirely at the mail client in accordance with the end-to-end principle. Sender authentication is achieved by executing our Byzantine fault tolerant public key authentication protocol as an overlay on the mail transport protocol. Our sender authentication solution requires an honest majority instead of trust infrastructure or human input for correctness. We evaluate the authentication overhead by running an instrumented Thunderbird mail client with synthetic data, showing an increased latency of about 200 ms for the user. Usability of authentication in real life is studied with two anonymized email traces. The results show that about 40% of the peers can be authenticated over the 92-day trace period.