The present invention relates to a source-of-leakage detectable e-mail address forming method, and particularly to a method of the sending and receiving of an e-mail according to which it is possible to detect a source of leakage of an e-mail using the source-of-leakage detectable e-mail address forming method, and a system using the same.
In recent years, the leakage of personal information has been an issue of public concern. Therefore, the protection of personal information has been clamored for. There are various measures for the protection of personal information, and the detection of a source of leakage has a deterrent effect on personal information flow. The leakage of an e-mail address is considered to be caused by wiretapping on a communication channel. To counter this, the encryption of a communication channel such as SSL has been utilized. On the other hand, there is a possibility that one who has obtained an address leaks it artificially (data creep). In this case, it is not possible to prevent a leakage by use of an existing security system such as the encryption of a communication channel. As one of methods of detecting a source of information leakage, E-mail Dyeing is known.
E-mail Dyeing is a system in which a source of e-mail address leakage can be detected due to the enhancement of a conventional mail system. It is assumed that the e-mail address of a user A who uses a mail server of receiver.com is A@receiver.com, the e-mail address of a user B who uses a mail server of sender.com is B@sender.com, and the e-mail address of a user C who uses a mail server of sender2.com is C@sender2.com. When A and B make contact, the following addresses are used.
A to BB@sender.comB to AAB@receiver.com
Similarly, when A makes contact with C,
A to CC@sender2.comC to AAC@receiver.com
The address used when B or C sends an e-mail to A is called a dyed e-mail address. However, A himself/herself is not required to manage the dyed e-mail address such as AB@receiver.com, and A's mail server of receiver.com carries out communications by use of a conversion table of the following addresses and the dyed addresses according to a communications contact.
TABLE 1Dyed e-mailOriginal e-mailCommunicationsaddressaddresscontactAB@receiver.comA@receiver.comBAC@receiver.comA@receiver.comC
When A sends an e-mail, a “From:” field is converted according to his/her communications contact, thus concealing A's real address. When A receives an e-mail, an address in a “To:” field is converted into its original address by use of the conversion table. At this time, if an e-mail is delivered to AC@receiver.com from an unknown address (for example, except C), it is possible to detect the fact that C leaked AC@receiver.com.
However, if an e-mail address is leaked on a communication channel while an e-mail is sent by use of E-mail Dyeing, it is not necessarily limited that the user B who uses the dyed address leaked the e-mail address. Furthermore, with E-mail Dyeing, in the mail server, when there are N e-mail addresses and each e-mail address carries out communications with M addresses on average, heap usage which is required for the conversion table of destination addresses and dyed e-mail addresses is O (NM). Moreover, a lookup is required to be performed on a table of N×M to convert a dyed e-mail address and a sender. Additionally, E-mail Dyeing can be realized only in a case where at least A knows B, and there is no protocol to find A's e-mail address from B's side who does not know A. Hence, for a contact made from B's side, an e-mail address of an existing mail system is needed to be used. Thus, it is not possible for A to authenticate communications selectively.