An interesting way to detect spam based on the proximity of the sender with the receiver

["Ali, Saqib" <docbook.xml () gmail com>]

The research revealed that ham (legitimate e-mail) tends to come from
computers that have a lot of channels, or ports, open for
communication. Bots, automated systems that are often used to send out
reams of spam, tend to keep open only the e-mail port, known as the
Simple Mail Transfer Protocol port.

The researchers [also] found that by plotting the geodesic distance
between the Internet Protocol (IP) addresses of the sender and
receiver--measured on the curved surface of the earth--they could
determine whether the message was junk. Spam, the researchers found,
tends to travel farther than ham. Spammers also tend to have IP
addresses that are numerically close to those of other spammers.

The Georgia Tech researchers also looked at the autonomous server (AS)
number associated with an e-mail. (An AS number is assigned to every
independently operated network, whether it's an Internet service
provider or a campus network.) Knowing that a significant percentage
of spam comes from a handful of autonomous server numbers, the
researchers decided to integrate that characteristic into SNARE, too.

Read more (very interesting stuff):
http://www.technologyreview.com/communications/23086/page1/



saqib
http://kawphi.blogspot.com
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.