Filtering spam with behavioral blacklisting

11 years 7 months ago
Filtering spam with behavioral blacklisting
Spam filters often use the reputation of an IP address (or IP address range) to classify email senders. This approach worked well when most spam originated from senders with fixed IP addresses, but spam today is also sent from IP addresses for which blacklist maintainers have outdated or inaccurate information (or no information at all). Spam campaigns also involve many senders, reducing the amount of spam any particular IP address sends to a single domain; this method allows spammers to stay “under the radar”. The dynamism of any particular IP address begs for blacklisting techniques that automatically adapt as the senders of spam change. This paper presents SpamTracker, a spam filtering system that uses a new technique called behavioral blacklisting to classify email senders based on their sending behavior rather than their identity. Spammers cannot evade SpamTracker merely by using “fresh” IP addresses because blacklisting decisions are based on sending patterns, which t...
Anirudh Ramachandran, Nick Feamster, Santosh Vempa
Added 07 Jun 2010
Updated 07 Jun 2010
Type Conference
Year 2007
Where CCS
Authors Anirudh Ramachandran, Nick Feamster, Santosh Vempala
Comments (0)