Email Permission Keys

1
Email Permission Keys

• Adrian McElligottCEO Geobytes, inc.Boston,
  March 2008

2
We have failed!
They have failed!
The real cost of lost messages

• If the objective of today's Spam filters is to
  reduce the users exposure to Spam, then for most
  users they have failed.
• Exposing a user to spam in their junk folder is
  still exposing the user to Spam.
• If the user is routinely checking their junk
  folder then the filter is of diminished value.

New Term Lost Message Rate
3
Why are users still checking their junk folders?

• False positives
• False positives
• False positives
• False positives
• They are bored

• Because Spam Filters need them to

4
User Trust Oscillation

• The problem with dynamic re-training via "is
  Spam" and "is not Spam" buttons.

5
Introducing Email Permission Keys

• Email Permission Keys (EPK) - are a unique key
  that is embedded in an email address in such a
  way that it is likely to be retained during
  normal use, and is therefore available to be
  extracted at a later date when that email address
  is used to send a message back to the original
  user.

6
What are CaseKeys?

• They are a type of email permission key, that use
  the CAsE of the LeTTerS that make up an email
  address to embed a unique key into every instance
  of that email address.

7
How CaseKeys Help

• CaseKeys automates the "Is not Spam" button.

• CaseKeys identifies messages that would otherwise
  be false positives
• CaseKeys provides the feedback required to
  dynamically train the filter in real-time.

8
Conclusion

• CaseKeys are a proactive approach to the false
  positives problem.
• CaseKeys automate the Is not Spam button.
• CaseKeys allow filters to maintain the users
  trust at levels that would be otherwise
  unsustainable.

9
Questions

• Q1. How does this affect the user?
• Q2. What proportion of incoming messages would be
  likely to contain a CaseKey?
• Q3. How does this reduce spam?
• Q4. How does CaseKeys work with systems that do
  not preserve all or part of the character casing?
  
• Q5. Does publishing a CaseKeyed email address on
  your web site result in Spam being falsely white
  listed?
• Q6. What is the advantage over white listing
  outbound recipients?
• Q7. How does this reduce solicited bulk email
  false positives?
• Q8. How does this reduce fist contact false
  positives?

10
The End

• The remaining slides are just here to assist with
  answering questions, and generating discussion.

11
CaseKeys Flash Presentation
12
Correction

• Common misconception.

13
Q. How does this affect the user?

• The technology is transparent to the user - the
  user does not have to be concerned with the Case
  - this happens for them automatically.
• No one has to type in the CaseKey. CaseKeys are
  distributed automatically with outgoing messages.
  
• The CaseKey is automatically preserved when the
  recipient clicks reply, or adds the sender to
  their address book.
• Most modern mail readers display the senders
  Display Name, rather than email address, so often
  recipients dont even see the CaseKeyed
  representation of the senders email address.  

14
What proportion of incoming legitimate messages
would contain a CaseKey?

• Geobytes conducted a two year trial of CaseKeys.
  Approximately 90 of the messages received over
  the trial period contained a valid CaseKey.
• How people obtain an email address can be sorted
  into 3 categories. 
• Through a message that they receive - which they
  may reply to or add to their contacts - either
  way the CaseKey is preserved.
• From an online resource -  web page, news group,
  ezine, forum etc in which case a CaseKey would be
  present - Note Public CaseKeys auto-expire.
• They type it in - from a business card, over the
  phone, from off-line media. Direct "typing in" of
  an email address is error prone and unreliable -
  so users tend to avoid it.
• We have found that the vast majority of email
  messages contain recipient email addresses that
  fall into one of the first two "categories of
  acquisition" and therefore benefit from CaseKeys
  technology.  Very few messages contain addresses
  that have been typed in, and these are the only
  category that does not benefit from CaseKeys.

15
Q. How does this reduce spam?

• Whenever a user has to check their Spam folder,
  then they are still being exposed to all of their
  Spam - only the folder name is different.
• CaseKeys may well be the difference between a
  system that users trust and one that they don't -
  the difference between exposure to all of the
  Spam, or no Spam.

16
Q. What about systems that do not preserve all of
the character casing?

• Most email system (gt85) do preserve the case of
  the entire address which is adequate to reduce
  a filters false positive rate by over 80 and to
  automate filter training.
• If 100 preservation is required then we use a
  hybrid of CaseKeys with Display Name Annexing
• Message that do not contain a valid CaseKey are
  not disadvantaged by the CaseKeys subsystem, they
  just dont directly benefit from it. They do
  however indirectly benefit from the filter tuning
  that automating the Is not Spam button
  provides.
• RFC 2821 states that the local-part of an e-mail
  address which includes the display name and
  any plus addressing, "MUST BE treated as case
  sensitive".

17
Q. Does publishing a CaseKey result in Spam being
falsely white listed?

• CaseKeys that are published on web pages are set
  to auto expire.
• In the event that a CaseKey does fall in to the
  wrong hands and did result in a False Negative,
  then the user clicking Is Spam would invalidate
  the CaseKey.

18
Q. How does this reduce fist contact false
positives?

• User interface may provided a facility to issues
  the user with a unique CaseKeys for the purpose
  of publication on web page. CaseKeys that are
  issued for this purpose are set to auto expire.
• An AJAX service automatically cycles the CaseKeys
  on a web page.

19
The advantage of CaseKeys over just white listing
outbound recipients

• You can expire CaseKeys, and while you can
  blacklist an email address you cant issue the
  compromised user a new email address.
• CaseKeys embed the key in the senders address,
  which propagates when the message is forwarded to
  a third user.
• Many users have multiple addresses feeding to the
  same inbox, so a reply may come from a different
  email address.

20
Q. How does this reduce solicited bulk email
false positives?

• A facility can be provided whereby the user can
  manually issue a unique CaseKey for the purpose
  of registering with a newsletter or online
  service.

21
New TermLost Message Rate (LMR)

• Is the percentage of legitimate messages that are
  mistaken for Spam. Traditionally the industry
  has used the statistical term false positive
  which does not truly reflect the proportion of
  legitimate messages that the filter is loosing.

Return To The real cost of lost messages
22
New Term Display Name Annexing (DNA)

• Is a type of email permission key that appends or
  encodes a unique key within the Display
  Name portion of the email address.
• A typical display name key may look something
  like this "John Smith 12345" ltjohn.smith_at_example.
  comgt where 12345 is the key.

23
Quick Quiz Question 1

• If you receive 100 legitimate messages and your
  spam filter misplaces one of them in your Spam
  folder, then what is the filter's false positive
  rate?

1. One in a Billion
2. One in a Million
3. One in a Thousand
4. Could be any of the above depending on how much
   Spam you get.

24
Quick Quiz Question 2

• What is the difference between being exposed to
  Spam in your inbox and being exposed to Spam in
  your Spam folder?

1. It takes longer to sort through two folders.
2. It is quicker to sort through two folders.
3. It is a perception, feel-good thing, it is less
   aggravating to be exposed to Spam in your Spam
   folder.
4. Either way you are still exposed to Spam