Spam or Ham? Characterizing and Detecting Fraudulent "Not Spam" Reports in Web Mail Systems
Web mail providers rely on users to "Vote" to quickly and collaboratively identify spam messages. Unfortunately, spammers have begun to use large collections of compromised accounts not only to send spam, but also to vote "Not spam" on many spam emails in an attempt to thwart collaborative filtering. The authors call this practice a vote gaming attack. This attack confuses spam filters since it causes spam messages to be mislabeled as legitimate; thus, spammer IP addresses can continue sending spam for longer. In this paper, they introduced the vote gaming attack and study the extent of these attacks in practice, using four months of email voting data from a large Web mail provider.