Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stopping Spam Before It Hits the Mail Server

Posted by Soulskill on from the napalm-would-catch-it-even-earlier dept.

Al writes "A team of researchers at the Georgia Institute for Technology say they have developed a way to catch spam before it even arrives on the mail server. Instead of bothering to analyze the contents of a spam message, their software, called SNARE (Spatio-temporal Network-level Automatic Reputation Engine), examines key aspects of individual packets of data to determine whether it might be spam. The team, led by assistant professor Nick Feamster, analyzed 2.5 million emails collected by McAfee in order to determine the key packet characteristics of spam. These include the geodesic proximity of end mail servers and the number of ports open on the sending machine. The approach catches spam 70 percent of the time, with a 0.3 false positive rate. Of course, revealing these characteristics could also allow spammers to fake their packets to avoid filtering."

3 of 157 comments (clear)

  1. .3% false positive is pretty high by Dynedain · · Score: 5, Insightful

    That means that in my office of 50 people, with an average of 50 emails per day (a very very low estimate), we'd get 7-8 false positives daily. I'd hear bloody murder if that was the case.

    We get a lot more mail than that per day, and our spamassassin without autolearning (simply flag anything higher than 5.0) does a hell of a lot better job than that... down in the range of 1-2 false positives a month. Assuming a low daily average of emails (like my example), that's .002% false positives.

    --
    I'm out of my mind right now, but feel free to leave a message.....
  2. Spatio-temporal by CopaceticOpus · · Score: 5, Funny

    So this software functions in both space AND time? Fascinating.

    It's good that they specified that in the name, to avoid questions such as "Will this software work in the universe which we inhabit?"

  3. Re:False positive rate? by vux984 · · Score: 5, Insightful

    And when my mail filters blocks spam, it sends out a message with redirections to an alternative gsm-number telling them to call me so I can whitelist the adres.

    That's called back scatter and its as bad as spam.

    Think about it, my mail servers block about 35,000 spam per day. If they sent a message to each failed recipient with alternative instructions, that would be 35,000 messages I sent out. Some 34,990 of those messages would either be undeliverable or would get delivered to people who had nothing to do with the original message. You are effectively clogging up a bunch of innocent peoples mail systems with your messages.

    Put it another way, suppose some spammer sends 1,000,000 messages with your email address spoofed as the sender. If everyone else did what you do, you would then receive 1,000,000 messages back to your inbox giving you alternate instructions to contact these people.

    You wouldn't want that. Nobody else does either. So please stop.