Exploring the Spam Arms Race to Characterize Spam Evolution

Current studies on spam evolution usually extract evolution patterns and trends by analyzing historical spam message corpora. In this paper, we propose a novel methodology that incorporates spam filters to the spam trend analysis, as they are the agents that may force spammers to change their tactics. Moreover, filters also evolve over time and different filter releases present different characteristics, providing different views of the spams. We considered both outdated and recent releases of the Open Source SpamAssassin filter and applied their criteria on spams collected from the Spam Archive dataset, a dataset that contains spams collected from 1998 to 2010. When we compare the effectiveness of old and recent filters over old and recent spams, spam trends naturally emerge. Our results give a general picture of the dynamic nature of spam over the last 12 years and indicate that, on any given year, spams from different generations are observed. Moreover, we investigated how the popularity of spam construction techniques changes when filters start to detect them. We also determined automatically techniques that seemed more resistant than others and thus subsidize studies on improving anti-spam mechanisms.