Thwarting E-mail spam laundering

Mengjun Xie, Heng Yin, Haining Wang

Research output: Contribution to journalArticlepeer-review

7 Scopus citations

Abstract

Laundering e-mail spam through open-proxies or compromised PCs is a widely-used trick to conceal real spam sources and reduce spamming cost in the underground e-mail spam industry. Spammers have plagued the Internet by exploiting a large number of spam proxies. The facility of breaking spam laundering and deterring spamming activities close to their sources, which would greatly benefit not only e-mail users but also victim ISPs, is in great demand but still missing. In this article, we reveal one salient characteristic of proxy-based spamming activities, namely packet symmetry, by analyzing protocol semantics and timing causality. Based on the packet symmetry exhibited in spam laundering, we propose a simple and effective technique, DBSpam, to online detect and break spam laundering activities inside a customer network. Monitoring the bidirectional traffic passing through a network gateway, DBSpam utilizes a simple statistical method, Sequential Probability Ratio Test, to detect the occurrence of spam laundering in a timely manner. To balance the goals of promptness and accuracy, we introduce a noise-reduction technique in DBSpam, after which the laundering path can be identified more accurately. Then DBSpam activates its spam suppressing mechanism to break the spam laundering. We implement a prototype of DBSpam based on libpcap, and validate its efficacy on spam detection and suppression through both theoretical analyses and trace-based experiments.

Original languageEnglish (US)
Article number13
JournalACM Transactions on Information and System Security
Volume12
Issue number2
DOIs
StatePublished - Dec 1 2008

Keywords

  • Proxy
  • SPRT
  • Spam

ASJC Scopus subject areas

  • General Computer Science
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Thwarting E-mail spam laundering'. Together they form a unique fingerprint.

Cite this