Security

Flow-Level Characteristics of Spam and Ham

Download Now Free registration required

Executive Summary

Despite a large amount of effort devoted in the past years trying to limit unsolicited mail, spam is still a major global concern. Content-analysis techniques and blacklists, the most popular methods used to identify and block spam, are beginning to lose their edge in the battle. They argue here that one not only needs to look into the network-related characteristics of spam traffic, as has been recently suggested, but also to look deeper into the network core, in order to counter the increasing sophistication of spaming methods. Yet, at the same time, local knowledge available at a given server can often be irreplaceable in identifying specific spammers. To this end, this paper shows how the local intelligence of mail servers can be gathered and correlated passively at the ISP-level providing valuable network-wide information.

  • Format: PDF
  • Size: 292.35 KB