New Scientist: Retracing spam steps could halt mass emails


|Zach|
07-22-2005, 04:25 PM
Retracing spam steps could halt mass emails


The deluge of spam that pours into email inboxes each day could be curtailed using software that learns to identify the routes taken by unwanted messages, researchers say.

A team from IBM and Cornell University in New York state, US, developed the anti-spam technique, which they call "SMTP Path Analysis". It involves examining information embedded in email messages about the route it has taken across the internet. This allows it to make a good guess as to whether or not a new message is electronic junk mail.

The algorithm at the heart of SMTP Path Analysis studies Simple Mail Transfer Protocol (SMTP) information, which is added to an email message "header" as it is passed between servers on the internet. This remains hidden when a message arrives in a recipient's inbox but can be used to retrace its steps between different mail servers.

Most spam filters try to catch spam by looking at the content of a message, rather than its hidden header. Many already learn to identify new spam by examining previous messages. But spammers are constantly coming up with new tricks in an effort to outwit such content-filtering techniques.

The SMTP Path Analysis algorithm "learns" by examining the string of internet protocol (IP) addresses included in both spam and legitimate email headers. When a new message arrives, it is then able to judge, with relative accuracy, whether it is legitimate or, in fact, unwanted spam.

Barry Leiba, one of the researchers, at IBM's Thomas J Watson Research Center laboratory in New York, says the algorithm is not meticulous enough to efficiently catch spam on its own, but works well in combination with content filtering tools. "And it catches stuff that content filters can't," he told New Scientist. "Combining this [with other methods] can be useful."

The researchers behind SMTP Path Analysis had to deal with the fact that spammers can forge the address of the mail server used to send a message out. To counter this, they developed another algorithm that judges the plausibility of the overall path that a message claims to have taken.

Complementary technique

"The techniques it uses are very promising," says Joshua Goodman, an anti-spam researcher at Microsoft, and chair of the Second Conference on Email and Anti-Spam in California, where the new software was presented on Friday. "It will be a good complement to other techniques."

Goodman adds that the approach should be difficult for spammers to defeat, because it makes use of IP information that comes from many different sources. "One of the nice things about IP address-based approaches is that they are pretty robust to spammers," he told New Scientist.

In an effort to stem growing levels of spam, several industry groups have proposed altering the underlying protocols of email. A popular idea is to have email servers provide cryptographic keys so that messages can be verified as they arrive in an inbox.

Robert Rounthwaite, another spam researcher at Microsoft, says this should provide a big boost to anti-spam efforts. "Domain authentication has the advantage that you can more confidently assign a good reputation to deserving domains," he says.

http://www.newscientist.com/article.ns?id=dn7718
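
A simplified sketch of the idea the article describes, added here as an illustration and not the IBM/Cornell algorithm itself: learn per-relay spam rates from the IP addresses in Received headers, then score a new message by its path. The smoothing, the halving weight per older hop (an assumed stand-in for the forgery handling the article mentions), the helper names and the sample messages built from documentation address ranges are all assumptions.

```python
import re
from collections import defaultdict
from email import message_from_string

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_path(raw_message):
    """Relay IPs taken from the Received headers, newest hop first."""
    msg = message_from_string(raw_message)
    found = (IP_RE.search(h) for h in msg.get_all("Received", []))
    return [m.group(1) for m in found if m]

class PathScorer:
    def __init__(self):
        self.counts = defaultdict(lambda: [0, 0])  # ip -> [spam, ham]

    def train(self, raw_message, is_spam):
        for ip in relay_path(raw_message):
            self.counts[ip][0 if is_spam else 1] += 1

    def ip_score(self, ip):
        spam, ham = self.counts.get(ip, (0, 0))
        return (spam + 1) / (spam + ham + 2)  # smoothed; 0.5 for an unseen relay

    def score(self, raw_message):
        """Estimated spam likelihood in [0, 1]. Older hops count for less
        (assumed weighting), since the sender can forge those lines."""
        path = relay_path(raw_message)
        if not path:
            return 0.5
        weights = [0.5 ** i for i in range(len(path))]
        total = sum(w * self.ip_score(ip) for w, ip in zip(weights, path))
        return total / sum(weights)

def make_msg(*ips):
    """Constructed sample message; hops are given newest first."""
    hops = [f"Received: from relay.example ([{ip}]) by mx.example" for ip in ips]
    return "\n".join(hops) + "\nSubject: sample\n\nbody\n"

def trained_demo_scorer():
    """Scorer trained on constructed mail: one spam relay, one clean relay."""
    scorer = PathScorer()
    for _ in range(3):
        scorer.train(make_msg("203.0.113.7"), is_spam=True)
        scorer.train(make_msg("192.0.2.10"), is_spam=False)
    return scorer

if __name__ == "__main__":
    s = trained_demo_scorer()
    # Newest hop is the spam relay; the older, claimed hop is a clean relay.
    print(round(s.score(make_msg("203.0.113.7", "192.0.2.10")), 2))
```

A message that claims an older hop through the clean relay still scores above 0.5 here, because the hop recorded closest to the recipient carries the most weight.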

StcChief
07-22-2005, 04:30 PM
Excellent work. More than the IP (path) analysis, a server key would stop most of this $hit.

What key would the spammer use? He could be pinned down real quick.