E-mail Loss Detection Add-in (ELDA)

ELDA (formerly known as “SureMail”) is a Microsoft Research project designed to help with the problem of email delay and loss. Approximately 1% of all mail is lost due to infrastructure failures and aggressive spam filtering, and because email loss is a silent problem, you generally aren't even aware of it! ELDA is an Outlook 2007 add-in that addresses the problem by alerting you to any email sent to you that has been delayed or lost.

About ELDA

The Internet SMTP-based e-mail system does not guarantee the timely or even eventual delivery of messages. E-mail can sometimes be delayed by hours or days, or even fail to be delivered to the recipient or recipients. Sometimes, the users are not even notified that their e-mail was lost. Such silent e-mail loss (i.e., the message is lost without a trace, not merely bounced back or misrouted to the junk mail folder), even if infrequent, imposes a high cost on users in terms of missed opportunities, lost productivity, or needless misunderstanding. Our detailed measurement study over several months shows a silent e-mail loss rate of 0.71% to 1.02%. ELDA addresses this problem.

ELDA augments the existing SMTP-based e-mail infrastructure with a notification system to make intended recipients aware of e-mail they are missing. A notification is a short, fixed-format fingerprint of an e-mail, constructed so as to preserve sender and recipient privacy, and prevent spoofing by spammers. ELDA is designed to be usable immediately by users without requiring the cooperation of their e-mail providers, so it leaves the existing e-mail infrastructure (including anti-spam infrastructure) untouched and does not require a PKI for e-mail users. It places minimal demands on users, by automating the tasks of generating, retrieving, and verifying notifications. It alerts users only when there is actual e-mail loss.

ELDA has several design goals, including:

  • Cause minimal disruption
    Rather than replace the current system, which works for the vast majority of e-mail, with a new system of uncertain reliability, augment it to improve reliability. It should inter-operate seamlessly with the existing e-mail infrastructure (unmodified servers, mail relays, etc.), with additions restricted to software running outside it (e.g. on end-hosts). Users should benefit from the system without requiring cooperation from their e-mail domain administrators.
  • Place minimal demands on the user
    Ideally, user interaction should be limited only to actual instances of e-mail loss; otherwise, he/she should not be involved any more than in the current e-mail system.
  • Preserve asynchronous operation
    E-mail maintains a loose coupling between senders and recipients, providing a useful "social cushion" between them. The sender does not know whether or when an e-mail is downloaded or read. Recipients do not know whether a sender is "online". Such asynchronous operation should be preserved, unlike in other forms of communication such as telephony, IM, and e-mail "read receipts".
  • Preserve privacy
    The solution should not reveal any more about a user’s e-mail communication behavior than the current system does. For instance, it should not be possible for a user to determine the volume or content of e-mails sent/received by another user, the recipients/senders of those e-mails, how often that user checks e-mail, etc. However, as it stands today, e-mail is vulnerable to snooping, whether on the wire or at the servers. We do not seek to rectify this issue.
  • Preserve repudiability
    Repudiability is a key element of e-mail and other forms of casual communication such as IM. In the current e-mail infrastructure, a receiver can identify the sender from the header, but cannot prove the authorship of the e-mail to a third party unless the sender chose to digitally sign it. Any solution to e-mail loss should not force senders to sign e-mails or help receivers prove authorship. As an analogy, people are often more comfortable identifying themselves and communicating sensitive information in person than in written communication, since the latter leaves a paper trail with proof of authorship to a third party. Note that PKI- or PGP-based authentication of e-mail users is unsuitable from the viewpoint of providing repudiability.
  • Maintain defenses against spam and viruses
    It should be no easier for spam or viruses to circumvent existing defenses or tell if an e-mail address is valid.
  • Minimize overhead
    The solution should minimize network and compute overheads from additional messaging (e.g. sending all e-mails twice would significantly overload some e-mail servers and network pipes).
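
One way a fixed-format notification could meet the privacy, anti-spoofing and repudiability goals above without a PKI is a MAC keyed with a secret the two correspondents already share. This is an added example, not ELDA's actual notification format or code; the shared secret, the field layout and all function names are assumptions, and the sample messages are constructed.

```python
import hashlib
import hmac
from typing import List, Optional

FIELD = 32  # bytes per field; every notification is exactly 2 * FIELD bytes

def _mac(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 with a label so the two fields can never be confused."""
    return hmac.new(key, label + b"\x00" + data, hashlib.sha256).digest()

def make_notification(shared_secret: bytes, message: bytes) -> bytes:
    """Sender side: msg_id || tag (assumed layout).
    msg_id is keyed, so an observer who guesses the message text still
    cannot confirm the guess. tag lets the recipient authenticate msg_id
    even though the message itself never arrived."""
    msg_id = _mac(shared_secret, b"id", message)
    return msg_id + _mac(shared_secret, b"tag", msg_id)

def verify_notification(shared_secret: bytes, note: bytes) -> Optional[bytes]:
    """Recipient side: return msg_id if the notification is genuine."""
    if len(note) != 2 * FIELD:
        return None  # not in the fixed format
    msg_id, tag = note[:FIELD], note[FIELD:]
    expected = _mac(shared_secret, b"tag", msg_id)
    # Constant-time compare. Both parties hold the key, so a valid tag
    # proves nothing to a third party: the recipient could have made it.
    return msg_id if hmac.compare_digest(tag, expected) else None

def missing_messages(shared_secret: bytes, notes: List[bytes],
                     inbox: List[bytes]) -> List[bytes]:
    """msg_ids of verified notifications with no matching e-mail received."""
    received = {_mac(shared_secret, b"id", m) for m in inbox}
    missing = []
    for note in notes:
        msg_id = verify_notification(shared_secret, note)
        if msg_id is not None and msg_id not in received:
            missing.append(msg_id)  # alert only on actual loss
    return missing

if __name__ == "__main__":
    secret = b"constructed-shared-secret"          # constructed sample value
    delivered = b"Subject: lunch\r\n\r\nNoon?"      # constructed sample e-mail
    lost = b"Subject: contract\r\n\r\nSign today."  # constructed sample e-mail
    spoofed = bytes(2 * FIELD)                      # spammer without the key
    notes = [make_notification(secret, delivered),
             make_notification(secret, lost), spoofed]
    print(len(missing_messages(secret, notes, [delivered])), "message(s) missing")
```
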
People
Richard Hughes