The pervasive use of the Internet has caused an incredible growth of unwanted traffic, such as spam, malware and malicious intrusions. Controlling unwanted traffic based on trust and reputation mechanisms has invited significant and rigorous research in recent years. However, few of existing solutions concern and preserve the privacy of Internet hosts that report suspicious attacks. They cannot fulfill legal requirements, and are therefore impractical. In this paper, we propose a privacy-preserving trust management system for unwanted traffic control by applying homomorphic cryptosystem. The proposed system protects privacy, which is proved to be one-way and semantically secure against chosen-plaintext (IND-CPA) attacks if Computational Composite Residuosity Assumption (CCRA) holds. The system is implemented and its performance is extensively examined in terms of computation complexity, communication overhead and storage consumption. The result shows the effectiveness and practicality of our system to preserve the privacy of Internet hosts in the detection and control of unwanted traffic. (C) 2016 Elsevier B.V. All rights reserved.