RouterLevel Spam Filtering Using TCP Fingerprints: Architecture and Measurement-Based Evaluation

Date Added: Jul 2009
Format: PDF

Email spam has become costly and difficult to manage in recent years. Many of the mechanisms used for controlling spam are located at local SMTP servers and end-host machines. These mechanisms can place a significant burden on mail servers and end-host machines as the number spam messages received continues to increase. The paper proposes a preliminary architecture that applies spam detection filtering at the router-level using light-weight signatures for spam senders. The paper argues for using TCP headers to develop fingerprint signatures that can be used to identify spamming hosts based on the specific operating system and version from which the email is sent. These signatures are easy to compute in a light-weight, stateless fashion.