Blog: A Better Way to Shoot Down Spam

A Better Way to Shoot Down Spam
Technology Review (07/29/09) Kremen, Rachel

The Spatio-temporal Network-level Automatic Reputation Engine (SNARE) is an automated system developed at the Georgia Institute for Technology that can spot spam before it hits the mail server. SNARE scores each incoming email according to new criteria that can be gathered from a single data packet. The researchers say the system puts less pressure on the network and keeps the need for human intervention to a minimum while maintaining the same accuracy as conventional spam filters. Analysis of 25 million emails enabled the Georgia Tech team to compile characteristics that could be culled from a single packet of data and used to efficiently identify spam. They also learned that they could identify junk email by mapping out the geodesic distance between the Internet Protocol (IP) addresses of the sender and receiver, as spam tends to travel farther than legitimate email. The researchers also studied the autonomous server number affiliated with an email. SNARE can spot spam in seven out of 10 instances, with a false positive rate of 0.3 percent. If SNARE is deployed in a corporate environment, the network administrator could establish rules about the disposition of email according to its SNARE score. Northwestern University Ph.D. candidate Dean Malmgren questions the effectiveness of SNARE once its methodology is widely known, as spammers could use a bogus IP address close to the recipient's to fool the system. Likewise, John Levine of the Coalition Against Unsolicited Commercial Email warns that "spammers are not dumb; any time you have a popular scheme [for identifying spam], they'll circumvent it."

View Full Article