Stopping spam with sending session verification

Spam has become one of the most significant problems for Internet communication and its users. Traditional filtering methods and the signature-based spam blocking systems that have recently come into prominence fall short, as statistics show that spam keeps increasing day after day. This study proposes a new method for blocking spam mails. In the proposed method, a mail sending session is verified during the mail envelope communication by adding small attachments to the Simple Mail Transfer Protocol (SMTP), so spam mails can be blocked before they leave the sender domain or relay machine. Additionally, hijacked user accounts can be detected with the support of statistical filtering software, so spam mails coming from these accounts can be blocked and the account owners can be informed. According to the test results, the proposed method stopped 99.4% of the spam mails, solved the false positive problem, and significantly decreased the false negative percentages.


___

Turkish Journal of Electrical Engineering and Computer Science
  • ISSN: 1300-0632
  • Publication frequency: 6 issues per year
  • Publisher: TÜBİTAK