Re: A interesting way to detect spam based on the proximity of the sender with the receiver



I'm with Shreyas on this one -- it was interesting (albeit somewhat
obvious... the revelation that proportionally more legitimate messages
come from places nearer the recipient is hardly astonishing), but I don't
think there's much practical value... it's not so difficult to identify
spam (which is what the article focussed on), the trick is to do this
while minimising false positives -- a subject the article carefully
avoided.

Filtering messages based on the number of ports open on the sending
machine is clearly flawed (any legitimate, dedicated mailserver may only
have the SMTP port open to the world). Woe upon anyone who implements
this.

As to the geodesic distance... again I'm sceptical. In Australia we'd have
to accept messages within at least a 4000km radius, more for US/Canada...
and think how many countries that would cover in Eurasia? Sure you could
tune the system depending on your region, but I suspect a simpler approach
based just on the country of origin (as discussed on this list a few weeks
back) would be more effective. This also makes the assumption that you
only want to communicate with a few neighbouring countries in the first
place (which might work fine if you're in the US [incidentally the top
spam-producing country in the world], but probably not otherwise)...


On Thu, Jul 30, 2009 at 11:09:36AM -0700, Ali, Saqib uttered:
I am not sure if this will work or not, but the research was
interesting none-the-less.


saqib
http://kawphi.blogspot.com


On Thu, Jul 30, 2009 at 11:02 AM, Shreyas Zare<shreyas@xxxxxxxxxxxxxx> wrote:
Hi,

This won't work in a practical environment. Spammers are not dumb, they
will make a new trojan (or push an update!) which better emulates a
real mail server and get past this technique of spam identification in
a matter of hours. And what about false positives? I feel it will
block a lot of legitimate mails too as it is never seen by the mail
server to check for any other thing like white list, SPF or domain
keys.

Just my 2 cents.

Regards,

On Thu, Jul 30, 2009 at 8:14 AM, Ali, Saqib <docbook.xml@xxxxxxxxx> wrote:

The research revealed that ham (legitimate e-mail) tends to come from
computers that have a lot of channels, or ports, open for
communication. Bots, automated systems that are often used to send out
reams of spam, tend to keep open only the e-mail port, known as the
Simple Mail Transfer Protocol port.

The researchers [also] found that by plotting the geodesic distance
between the Internet Protocol (IP) addresses of the sender and
receiver--measured on the curved surface of the earth--they could
determine whether the message was junk. Spam, the researchers found,
tends to travel farther than ham. Spammers also tend to have IP
addresses that are numerically close to those of other spammers.

The Georgia Tech researchers also looked at the autonomous server (AS)
number associated with an e-mail. (An AS number is assigned to every
independently operated network, whether it's an Internet service
provider or a campus network.) Knowing that a significant percentage
of spam comes from a handful of autonomous server numbers, the
researchers decided to integrate that characteristic into SNARE, too.

Read more (very interesting stuff):
http://www.technologyreview.com/communications/23086/page1/



saqib
http://kawphi.blogspot.com



--
("If at first you don't succeed; call it version 1.0")

Shreyas Zare
Co-Founder, Technitium
eMail: shreyas@xxxxxxxxxxxxxx

..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam@xxxxxxxxxxxxxx

Join Sci-Tech News group and get the latest science & technology news
in your inbox. Visit http://tech.groups.yahoo.com/group/sci-tech-news
to join.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

--
Alex Craven
krei@xxxxxxxxx
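
The radius question raised in the top message of this thread can be checked numerically. The following is an added example, not part of the original thread or of the SNARE research: it computes the great-circle distance and lists which sample senders fall inside a 4000 km acceptance radius for two receivers. The city coordinates are approximate and stand in for geolocated sender IPs; the function and variable names are assumptions made for illustration.

```python
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0  # mean Earth radius


def geodesic_km(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))


# Constructed sample: approximate city coordinates, not real mail sources.
SENDERS = {
    "Sydney":   ("AU", (-33.87, 151.21)),
    "London":   ("GB", (51.51, -0.13)),
    "Moscow":   ("RU", (55.76, 37.62)),
    "Cairo":    ("EG", (30.04, 31.24)),
    "New York": ("US", (40.71, -74.01)),
}
RECEIVERS = {"Perth": (-31.95, 115.86), "Frankfurt": (50.11, 8.68)}


def within_radius(receiver, radius_km):
    """Return {city: country} for sample senders inside the acceptance radius."""
    origin = RECEIVERS[receiver]
    return {city: cc for city, (cc, pos) in SENDERS.items()
            if geodesic_km(origin, pos) <= radius_km}


def outside_radius(receiver, radius_km):
    """Sorted sender cities a pure distance rule would penalise, ham or not."""
    near = within_radius(receiver, radius_km)
    return sorted(city for city in SENDERS if city not in near)


if __name__ == "__main__":
    for rx in RECEIVERS:
        print(rx, "accepts", within_radius(rx, 4000),
              "penalises", outside_radius(rx, 4000))
```

With the same 4000 km setting, the Perth receiver reaches only a domestic sender while the Frankfurt receiver reaches three other countries, and every sender beyond the radius is penalised regardless of whether its mail is legitimate.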
