Measuring the role of greylisting and nolisting in fighting spam / F. Pagani, M. De Astis, M. Graziano, A. Lanzi, D. Balzarotti. - In: Dependable Systems and Networks (DSN), 2016 46th Annual IEEE/IFIP International Conference on. - [s.l] : IEEE, 2016. - ISBN 9781467388917. - pp. 562-571. (Paper presented at the 46th DSN conference, held in Toulouse in 2016) [10.1109/DSN.2016.57].

Measuring the role of greylisting and nolisting in fighting spam

A. Lanzi (penultimate author); 2016

Abstract

Spam has been largely studied in the past years from different perspectives but, unfortunately, it is still an open problem and a lucrative and active business for criminals and bot herders. While several countermeasures have been proposed and deployed in the past decade, their impact and effectiveness is not always clear. In particular, on top of the most common content- and sender-based anti-spam techniques, two minor approaches are popular among system administrators to cope with this annoying problem: greylisting and nolisting. These techniques exploit known features of the Simple Mail Transfer Protocol (SMTP) protocol that are not often respected by spambots. This assumption makes these two countermeasures really simple to adopt and, at least in theory, quite effective. In this paper we present the first comprehensive study of nolisting and greylisting, in which we analyze these spam countermeasures from different perspectives. First, we measure their world-wide deployment and provide insights from their distribution. Second, we measure their effectiveness against a real dataset of malware samples responsible to generate over 70% of the global spam traffic. Finally, we measure the impact of these two defensive mechanisms on the delivery of normal emails. Our study provides a unique and valuable perspective on two of the most innovative and atypical anti-spam systems. Our findings may guide system administrators and security experts to better assess their anti-spam infrastructure and shed some light on myths about greylisting and nolisting.
Botnet; Greylisting; Nolisting; Spam; Hardware and Architecture; Software; Safety, Risk, Reliability and Quality; Computer Networks and Communications
Sector INF/01 - Computer Science
2016
IEEE Computer Society
IFIP
Book Part (author)
Files in this item:
File: 07579772.pdf
Access: restricted
Type: Publisher's version/PDF
Size: 513.24 kB
Format: Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/455578
Citations
  • Scopus 5