Security Basics mailing list archives
Re: A interesting way to detect spam based on the proximity of the sender with the receiver
From: Kurt Buff <kurt.buff () gmail com>
Date: Fri, 31 Jul 2009 10:26:47 -0700
The research is interesting, but perhaps flawed - or rather, immature/premature.

For instance, at $WORK, I have to accept pretty much everything that conforms to RFCs. This is because we sell to a world-wide set of resellers. Many/most of the resellers of our products, even in the US, are small businesses that don't have sophisticated IT infrastructure and "proper" static IP addresses. We're also trying hard to sell into non-first-world countries, and especially the BRICs nations, where the situation is even dicier.

So, while the approach might prove useful as an addition to a scoring system like SpamAssassin, I certainly couldn't use it as a hard and fast block list.

Kurt

On Thu, Jul 30, 2009 at 11:09, Ali, Saqib <docbook.xml () gmail com> wrote:
> I am not sure if this will work or not, but the research was interesting none-the-less.
>
> saqib
> http://kawphi.blogspot.com
>
> On Thu, Jul 30, 2009 at 11:02 AM, Shreyas Zare <shreyas () technitium com> wrote:
> > Hi,
> >
> > This won't work in practical environment. Spammers are not dumb, they will make new trojan (or push an update!) which better emulates like a real mail server and get past this technique of spam identification in a matter of hours.
> >
> > And what about false positives? I feel it will block a lot of legitimate mails too as it is never seen by the mail server to check for any other thing like white list, SPF or domain keys.
> >
> > Just my 2 cents.
> >
> > Regards,
> >
> > On Thu, Jul 30, 2009 at 8:14 AM, Ali, Saqib <docbook.xml () gmail com> wrote:
> > > The research revealed that ham (legitimate e-mail) tends to come from computers that have a lot of channels, or ports, open for communication. Bots, automated systems that are often used to send out reams of spam, tend to keep open only the e-mail port, known as the Simple Mail Transfer Protocol port.
> > >
> > > The researchers [also] found that by plotting the geodesic distance between the Internet Protocol (IP) addresses of the sender and receiver--measured on the curved surface of the earth--they could determine whether the message was junk. Spam, the researchers found, tends to travel farther than ham. Spammers also tend to have IP addresses that are numerically close to those of other spammers.
> > >
> > > The Georgia Tech researchers also looked at the autonomous server (AS) number associated with an e-mail. (An AS number is assigned to every independently operated network, whether it's an Internet service provider or a campus network.) Knowing that a significant percentage of spam comes from a handful of autonomous server numbers, the researchers decided to integrate that characteristic into SNARE, too.
> > >
> > > Read more (very interesting stuff):
> > > http://www.technologyreview.com/communications/23086/page1/
> > >
> > > saqib
> > > http://kawphi.blogspot.com
> >
> > --
> > ("If at first you don't succeed; call it version 1.0")
> >
> > Shreyas Zare
> > Co-Founder, Technitium
> > eMail: shreyas () technitium com
> >
> > ..::< The Technitium Team >::..
> > Visit us at www.technitium.com
> > Contact us at theteam () technitium com
> >
> > Join Sci-Tech News group and get the latest science & technology news in your inbox. Visit http://tech.groups.yahoo.com/group/sci-tech-news to join.
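The difference between using the network-level features quoted above (geodesic distance, SMTP-only hosts, AS number) as a hard block list and as one input to an additive score, as an added example that is not part of the thread and not SNARE's own code. The weights, thresholds, coordinates and AS numbers are constructed assumptions.

```python
import math

EARTH_RADIUS_KM = 6371.0

def geodesic_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points, in km."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

# Assumed weights and thresholds, chosen for illustration only.
FAR_KM = 4000.0
W_DISTANCE, W_ONLY_SMTP, W_BAD_AS = 1.0, 1.5, 2.0
TAG_THRESHOLD = 5.0  # additive threshold in the style of a SpamAssassin score

def network_score(sender, receiver_loc, bad_asns):
    """Score contribution from the three network-level features in the article."""
    score = 0.0
    if geodesic_km(sender["loc"], receiver_loc) > FAR_KM:
        score += W_DISTANCE          # "spam tends to travel farther than ham"
    if sender["open_ports"] == {25}:
        score += W_ONLY_SMTP         # host exposes only the SMTP port
    if sender["asn"] in bad_asns:
        score += W_BAD_AS            # AS with a history of sending spam
    return score

def hard_block(sender, receiver_loc, bad_asns):
    """Block-list use: any single network feature rejects the connection."""
    return network_score(sender, receiver_loc, bad_asns) > 0

def scored_verdict(sender, receiver_loc, bad_asns, content_score):
    """Scoring use: network features only add to the content-based score."""
    total = content_score + network_score(sender, receiver_loc, bad_asns)
    return total >= TAG_THRESHOLD

# Constructed sample data; AS numbers are from the private-use range.
RECEIVER = (47.61, -122.33)   # receiving mail server
BAD_ASNS = {64512}
RESELLER = {"loc": (-23.55, -46.63), "open_ports": {25}, "asn": 64513}  # distant small business
BOT = {"loc": (55.75, 37.62), "open_ports": {25}, "asn": 64512}

if __name__ == "__main__":
    for name, host, content in (("reseller", RESELLER, 0.5), ("bot", BOT, 1.0)):
        print(name, network_score(host, RECEIVER, BAD_ASNS),
              hard_block(host, RECEIVER, BAD_ASNS),
              scored_verdict(host, RECEIVER, BAD_ASNS, content))
```

The distant reseller trips two of the three features and would be rejected by the block-list rule, but stays under the tagging threshold once the features are only score contributions.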
Current thread:
- A interesting way to detect spam based on the proximity of the sender with the receiver Ali, Saqib (Jul 30)
- Re: A interesting way to detect spam based on the proximity of the sender with the receiver Shreyas Zare (Jul 30)
- Re: A interesting way to detect spam based on the proximity of the sender with the receiver Ali, Saqib (Jul 30)
- Re: A interesting way to detect spam based on the proximity of the sender with the receiver Alex Craven (Jul 31)
- Re: A interesting way to detect spam based on the proximity of the sender with the receiver Kurt Buff (Jul 31)
- Re: A interesting way to detect spam based on the proximity of the sender with the receiver Ali, Saqib (Jul 30)
- Re: A interesting way to detect spam based on the proximity of the sender with the receiver Shreyas Zare (Jul 30)