Evaluating The Use of Spam-triggered TCP/IP Rate Control To Protect SMTP Servers
نویسندگان
چکیده
This paper examines an approach to spam mitigation that rate limits incoming TCP/IP connections to an SMTP server based on the real-time detection of spam within the SMTP message exchange. Our approach is motivated by a desire to cause increased resource consumption at the spammer end of each SMTP connection, and to avoid the negative impact of falsepositives by eventually allowing all emails through. We call the tool MT Proxy. MT Proxy’s spam analysis and traffic differentiation characteristic are analyzed to evaluate the efficacy of this architectural approach to fighting spam. Keywords-Spam, Email, SMTP, false positives, false negatives, white lists, black lists, challenge-response, Bayesian, ipfw, dummynet.
منابع مشابه
Mitigating Email Spam by Statistical Rejection of TCP Connections Using Recent Sender History
Email spam is a significant problem for ISPs and Internet users. While part of the solution is legislative, there remains many avenues for innovative technological spammitigation techniques. We propose a novel TCP-layer algorithm that statistically accepts or rejects in-bound TCP connection requests based on the recent past history of spam injection from particular source IP addresses. Our sche...
متن کاملAuto-learning of SMTP TCP Transport-Layer Features for Spam and Abusive Message Detection
Botnets are a significant source of abusive messaging (spam, phishing, etc) and other types of malicious traffic. A promising approach to help mitigate botnet-generated traffic is signal analysis of transport-layer (i.e. TCP/IP) characteristics, e.g. timing, packet reordering, congestion, and flow-control. Prior work [4] shows that machine learning analysis of such traffic features on an SMTP M...
متن کاملFreeBSD server anti-spam software using automated TCP connection control
This paper describes a new approach to anti-spam techniques. Instead of having spam filtering software implemented at a mail client or server, we build a mail server agent called MT Proxy to deal with any spam related issue. This server acts a mediate firewall to securely protect our real SMTP mail server. All emails are allowed to come to their recipients, but at either slow or fast speed, dep...
متن کاملRouter-Level Spam Filtering Using TCP Fingerprints: Architecture and Measurement-Based Evaluation
Email spam has become costly and difficult to manage in recent years. Many of the mechanisms used for controlling spam are located at local SMTP servers and end-host machines. These mechanisms can place a significant burden on mail servers and end-host machines as the number spam messages received continues to increase. We propose a preliminary architecture that applies spam detection filtering...
متن کاملSIPS: A Stateful and Flow-Based Intrusion Prevention System for Email Applications
In the fast-growing internet applications, email becomes more and more important in communication. SMTP attacks and spam have become one of the most serious problems. Particularly, the SMTP attacks and spam varies on email, for example spoofing address, illegal characters, sending in bulk, too many SMTP commands and so on. A single security technique is not enough to protect the system from the...
متن کامل