The Internet is a worldwide network of computers and computer networks arranged to allow the easy and robust exchange of information between users of computers. Hundreds of millions of people around the world have access to computers connected to the Internet via Internet Service Providers (ISPs). Content providers place multimedia information, i.e. text, graphics, sounds, and other forms of data, at specific locations on the Internet referred to as websites. The combination of all the websites and their corresponding webpages on the Internet is generally known as the World Wide Web (WWW) or simply web.
Websites may be created using HyperText Markup Language (HTML) to generate a standard set of tags that define how the webpages for the website are to be displayed. Users of the Internet may access content providers' websites using software known as an Internet browser, such as MICROSOFT INTERNET EXPLORER or NETSCAPE NAVIGATOR. After the browser has located the desired webpage, it requests and receives information from the webpage, typically in the form of an HTML document, and then displays the webpage content for the user. The user may then view other webpages at the same website or move to an entirely different website using the browser.
Websites allow businesses and individuals to share their information with a large number of Internet users. Further, many products and services are offered for sale on the Internet, thus elevating the Internet to an essential tool of commerce.
Electronic mail or email is another important part of the Internet. Email messages may contain, for example, text, images, links, and attachments. Email is one of the most widely used methods of communication over the Internet due to the variety of data that may be transmitted, large number of available recipients, speed, low cost and convenience.
Email messages may be sent, for example, between friends, family members or between coworkers thereby substituting for traditional letters and office correspondences in many cases. This is made possible because the Internet has very few restrictions on who may send emails, the number of emails that may be transmitted and who may receive the emails. The only real hurdle for sending emails is the requirement that the sender must know the email address (also called network mailbox) of the intended recipient.
Email messages travel across the Internet, typically passing from server to server, at amazing speeds achievable only by electronic data. The Internet provides the ability to send an email anywhere in the world, often in less than a few seconds. Delivery times are continually being reduced as the Internet's ability to transfer electronic data improves.
Most internet users find emails to be much more convenient than traditional mail. Traditional mail requires stamps and envelopes to be purchased and a supply maintained, while emails do not require the costs and burden of maintaining a supply of associated products. Emails may also be sent with the click of a few buttons, while letters typically need to be transported to a physical location, such as a mail box, before being sent.
Once a computer and an Internet connection have been purchased, there are typically few additional costs associated with sending emails. This remains true even if millions, or more, of emails are sent by the same user. Emails thus have the extraordinary power of allowing a single user to send one or more messages to a very large number of people at an extremely low cost.
The Internet has become a very valuable tool for business and personal communications, information sharing, commerce, etc. However, some individuals have abused the Internet. Among such abuses are phishing, spam, and posting of illegal content on a website (e.g. child pornography). Phishing is the luring of sensitive information, such as passwords, credit card numbers, bank accounts and other personal information, from an Internet user by masquerading as someone trustworthy with a legitimate need for such information. Spam or unsolicited email is flooding the Internet with many copies of the identical or nearly identical message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services.
A single spam message received by a user uses only a small amount of the user's email account's allotted disk space, requires relatively little time to delete and does little to obscure the messages desired by the user. Even a small number of spam messages, while still annoying, would nonetheless cause relatively few real problems. However, the number of spam transmitted over the Internet is growing at an alarming rate. While a single or small number of spam messages are annoying, a large number of spam can fill a user's email account's allotted disk space thereby preventing the receipt of desired emails. Also, a large number of spam can take a significant amount of time to delete and can even obscure the presence of desired emails in the user's email account.
Spam currently comprises such a large portion of Internet communications that they actually cause data transmission problems for the Internet as a whole. Spam creates data log jams thereby slowing the delivery of more desired data through the Internet. The larger volume of data created by spam also requires the Internet providers to buy larger and more powerful, i.e. more expensive, equipment to handle the additional data flow caused by the spam.
Spam has a very poor response rate compared to other forms of advertisement. However, since almost all of the costs/problems for transmitting and receiving spam are absorbed by the recipient of the spam and the providers of the hardware for the Internet, spam is nevertheless commercially viable for a spammer due to the extremely low cost of transmitting the spam.
There are various techniques used for combating Internet abuses. Among them: an SSL (Secure Socket Layer) protocol in conjunction with a Certification Authority that authenticates the owners of the domain name, spam filtering, email challenge-response systems, maintaining white and/or black lists for email addresses, domain names, and IP (Internet Protocol) numbers, etc.
Below are a few examples of the systems (some reputation-based) that combat spam.
The SenderBase system (http://www.senderbase.org) keeps track of the amount of email messages originating from various domain names and IP addresses. IronPort Systems Inc., a company that maintains SenderBase.org, explains how it works in this example: “If a sender has high global volumes of mail—say 200 Million messages per day—from a network of 5 different domains and 1,700 IP addresses that have only been sending mail for 15 days yet have a high end user complaint rate and they don't accept incoming mail, they will have a very low reputation on score [ . . . ]. If a sender is a Fortune 500 company, they will likely have much more modest global email volumes—say 500,000 messages per day—will have a smaller number of IPs and domains with a long sending history, they will accept incoming email and have low (or zero) end user complaint rates.” (http://www.ironport.com/pdf/ironport_c60_rep_based_paper.pdf)
The Bonded Sender Program (http://www.bondedsender.com) maintains a white list-like service. The participants of the service must adhere to the rules and post a bond to be included on the white list.
SpamCop (http://www.spamcop.net) maintains a black list of IP addresses and allows users to report spam to a centralized database.
Multiple solutions are created for establishing “societies” of trusted users. Some solutions keep track of user reputation or trust level. See http://trust.mindswap.org, http:www.ceas.cc/papers-2004/177.pdf, http://moloko.itc.it/trustmetricswiki/moin.cgi.
Cloudmark, Inc. (http://cloudmark.com) provides spam filtering and allows users to block or unblock messages manually. The users' votes on messages (blocking and unblocking) are reported to a centralized database, allowing for better spam filtering by reducing the number of false positives. Each Cloudmark user is assigned with a reputation (trust rating). If a malicious user unblocks a spam message, while a large number of other users block it, the malicious user's reputation will go down. If a user votes along the lines with the rest of the users, her/his reputation raises.
VeriSign, Inc. maintains the list of domain names that were issued a VeriSign SSL digital certificate, so called “Verified Domains List.” The company plans to make the list accessible to third parties (http://www.verisign.com/printablePages/page—005051.html).
Some systems suggest publishing reputation data in the DNS (Domain Name System) records. See the Mailbox Reputation Network at http://mrn.polityresearch.com.
For the reputation-based systems to work properly, the sender's email address or at least its domain name part should be correct. Often malicious users forge (spoof) the sender's email address when they send out spam, viruses, or phishing email messages. Among the solutions to this problem are Microsoft's Sender ID (http://www.microsoft.com/mscorp/twc/privacy/spam_senderid.mspx) and Yahoo's Domain Keys (http://antispam.yahoo.com/domainkeys). The Sender ID proposal envisions publishing the sender's email IP address in the DNS records of the sender's server. This allows the receiver of the email message to compare the originating IP address in the email with the IP address published in the DNS. If they don't match, the email address was forged. The Domain Keys proposal utilizes public-private key infrastructure. The sender publishes its public key in the DNS records and digitally signs outgoing email messages with its private key. The receiver can validate the sender's signature using the sender's public key published in the DNS records.
Even though multiple reputation-based systems are being used, the amount of spam and other Internet abuses is steadily rising. Existing systems are numerous but often are not connected and none of them utilize the unique role of a domain name Registry or a domain name Registrar on the Internet. Internet users do not know which system to use and often cannot even find them. Many systems require participation (membership) in a trusted society, thus alienating users who are not part of the society. Some of the systems also do not provide dynamic updates of the reputation over time.
Therefore, new systems and methods are needed to overcome the limitations of the current systems and methods. It is desired to create systems and methods that provide more efficient solutions for combating Internet abuses through reputation tracking.