funsec mailing list archives
An interesting way to detect spam based on the proximity of the sender with the receiver
From: "Ali, Saqib" <docbook.xml () gmail com>
Date: Wed, 29 Jul 2009 19:46:05 -0700
The research revealed that ham (legitimate e-mail) tends to come from computers that have a lot of channels, or ports, open for communication. Bots, automated systems that are often used to send out reams of spam, tend to keep open only the e-mail port, known as the Simple Mail Transfer Protocol port. The researchers [also] found that by plotting the geodesic distance between the Internet Protocol (IP) addresses of the sender and receiver--measured on the curved surface of the earth--they could determine whether the message was junk. Spam, the researchers found, tends to travel farther than ham. Spammers also tend to have IP addresses that are numerically close to those of other spammers. The Georgia Tech researchers also looked at the autonomous server (AS) number associated with an e-mail. (An AS number is assigned to every independently operated network, whether it's an Internet service provider or a campus network.) Knowing that a significant percentage of spam comes from a handful of autonomous server numbers, the researchers decided to integrate that characteristic into SNARE, too. Read more (very interesting stuff): http://www.technologyreview.com/communications/23086/page1/ saqib http://kawphi.blogspot.com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- An interesting way to detect spam based on the proximity of the sender with the receiver Ali, Saqib (Aug 14)
- Re: An interesting way to detect spam based on the proximity of the sender with the receiver Rich Kulawiec (Aug 16)