GA Tech Researchers Believe Spam Should be Fought at Network Level
Ericka Chickowski writes on SC Magazine Online:
A pair of Georgia Tech researchers suggested this week that internet service providers (ISPs) might be able to fight junk email more efficiently at the network level rather than using message content filters.More here.
"Content filters are fighting a losing battle because it's easier for spammers to simply change their content than for us to build spam filters.," said Nick Feamster, a Georgia Tech assistant professor of computing. "We need another set of properties, not based on content. So what about network-level properties? It's harder for spammers to change network-level properties."
Feamster and his Ph.D. student Anirudh Ramachandran spent 18 months studying [.pdf] Internet routing and spam data in order to understand what the best network-level properties could be used to develop a spam filter design. During this time they collected a database of more than 10 million spam e-mails to learn how these messages are being routed.
Feamster said that they were able to establish some key findings from the data. First among these is the fact that internet routes are frequently being hijacked by spammers. Feamster and Ramachandran said they were able to identify many narrow ranges within internet protocol (IP) address spaces that are generating only spam, as well as the ISPs from which the spam is coming.
"We know route hijacking is occurring," Feamster said. "It's being done by a small, but fairly persistent and sophisticated group of spammers, who cannot be traced using conventional methods."