Re: A interesting way to detect spam based on the proximity of the sender with the receiver



I am not sure if this will work or not, but the research was
interesting none-the-less.


saqib
http://kawphi.blogspot.com


On Thu, Jul 30, 2009 at 11:02 AM, Shreyas Zare<shreyas@xxxxxxxxxxxxxx> wrote:
Hi,

This wont work in practical environment. Spammers are no dumb, they
will make new trojan (or push a update!) which better emulates like a
real mail server and get past this technique of spam identification in
a matter of hours. And what about false positives? I feel it will
block a lot of legitimate mails too as it is never seen by the mail
server to check for any other thing like white list, SPF or domain
keys.

Just my 2 cents.

Regards,

On Thu, Jul 30, 2009 at 8:14 AM, Ali, Saqib <docbook.xml@xxxxxxxxx> wrote:

The research revealed that ham (legitimate e-mail) tends to come from
computers that have a lot of channels, or ports, open for
communication. Bots, automated systems that are often used to send out
reams of spam, tend to keep open only the e-mail port, known as the
Simple Mail Transfer Protocol port.

The researchers [also] found that by plotting the geodesic distance
between the Internet Protocol (IP) addresses of the sender and
receiver--measured on the curved surface of the earth--they could
determine whether the message was junk. Spam, the researchers found,
tends to travel farther than ham. Spammers also tend to have IP
addresses that are numerically close to those of other spammers.

The Georgia Tech researchers also looked at the autonomous server (AS)
number associated with an e-mail. (An AS number is assigned to every
independently operated network, whether it's an Internet service
provider or a campus network.) Knowing that a significant percentage
of spam comes from a handful of autonomous server numbers, the
researchers decided to integrate that characteristic into SNARE, too.

Read more (very interesting stuff):
http://www.technologyreview.com/communications/23086/page1/



saqib
http://kawphi.blogspot.com



--
("If at first you don't succeed; call it version 1.0")

Shreyas Zare
Co-Founder, Technitium
eMail: shreyas@xxxxxxxxxxxxxx

..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam@xxxxxxxxxxxxxx

Join Sci-Tech News group and get the latest science & technology news
in your inbox. Visit http://tech.groups.yahoo.com/group/sci-tech-news
to join.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages

  • Re: Spam
    ... I use SpamCop to report those spam messages that get ... through their server, which would eliminate the need for MailWasher. ... >> or "remove" yourself from the spammers' address lists; ...
    (microsoft.public.windowsxp.basics)
  • Re: Random Email Bounces
    ... of my own registered domains that's currently blissfully free of spam - - ... my own wee server here is pretty busy as is :-) ... mailers used by spammers retry failed delivery attempts. ...
    (microsoft.public.exchange.admin)
  • Re: Spam
    ... > MailWasher to preview my email before downloading it from my ISP's ... I use SpamCop to report those spam messages that get ... > through their server, which would eliminate the need for MailWasher. ... If spammers had any intention of honoring ...
    (microsoft.public.windowsxp.basics)
  • RE: virus mail ignores MX?
    ... More than 70% of our spam that is blocked is blocked at the secondary ... I agree and fully believe that spammers seem to be targeting ... > could make an intelligent guess that a backup MX server is ... Any protection against such an attack ...
    (Security-Basics)
  • Re: increase in spam and what to do about it
    ... because your potential customer is using an ISP that happens to get ... As fast as you can come up with a trechnical solution the spammers will ... doesn't stop spam but is very likely to make the innocent pay for it. ... organization, ie. ISP - include hefty fines in your customer contract, ...
    (comp.os.vms)