Skip to content
/ SEAL Public

Uses semi-private email aliases to limit impact of email address leakages.

License

View license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bengheng/SEAL

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit

conf

conf

 
 

data

data

 
 

doc

doc

 
 

src

src

 
 

COPYING

COPYING

 
 

README

README

 
 

Repository files navigation

ABSTRACT
========

Email address leakages are the cause of several security problems including spam
and privacy loss. With current email addresses, once the address leaks without
its owner's consent, it becomes effectively compromised, creating a struggle for
the user to keep the address out of the hands of new spammers. To compound the
problem, some websites require addresses belonging to a certain domain (e.g.,
<university>.edu) as a partial proof of the user's affiliation with an
organization. This leaves the user not much choice except to have faith that the
address will not be misused.

To address the problem, SEAL improves on the prior work on disposable email
addresses by proposing a mechanism called semi-private aliases. Semi-private
aliases make two contributions. First, they have a lifecycle model that permits
gradual, selective controls on the use of the alias by senders without requiring
any special infrastructure on the part of senders or receivers. Second,
semi-private aliases can be easily used to authenticate a user belonging to a
certain organization (e.g., university or company) and reveal only selected
attributes to a service while hiding the real identity. The second aspect
recently proved useful in allowing students in one of our freshmen courses to
register easily and safely at piazza.com, a discussion forum for courses, that,
by default, requires students to provide a university email address, but has
privacy policies that differ from a university's.


INSTALLATION
============

Installing SEAL can be a little overwhelming as it requires setting up Postfix,
Dovecot, Apache, SQLite, and Python. Please follow the respective instruction
manuals for more information. Example Dovecot and Postfix configuration files
are provided in the "./conf/" directory.

Note that in some scripts, you may observe different domains being used for
SEAL-related email addresses. That is because SEAL was deployed on different
machines with different domain names. You can change them to the same domain
name.


LICENSING
=========

This program is released under the terms of the GNU General Public
License (GNU GPL).

You can find a copy of the license in the file COPYING.


CONTACT
=======

For any questions or feedbacks, please contact:
Beng Heng Ng (bengheng@gmail.com)
Alex Crowell (crowella@eecs.umich.edu)
Atul Prakash (aprakash@eecs.umich.edu)

We value all feedback and will try to answer your queries. However, we seek your
understanding that sometimes, due to resource constraints, our replies may take
longer than we would prefer.

About

Uses semi-private email aliases to limit impact of email address leakages.

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages