Skip to content

Archives

‘Social networks’ spam filtering technique

Spam: /.: New Method of Spam Filtering: ‘A simple and easily implemented scheme for combating e-mail spam has been devised by two researchers in the United States. P. Oscar Boykin and Vwani Roychowdhury of the University of California, Los Angeles use their method to exploit the structure of social networks to quickly determine whether a given message comes from a friend or a spammer. The method works for only about half of all e-mails received – but in all of those cases, it sorts the mail into the right category.’

Abstract here. It appears it classifies 53% of the emails and leaves the other 47% as undiagnosed.

The problem with this scheme is that it relies on the data in the To, From, and CC fields being accurate. Currently, there’s no means to stop spammers faking those addresses.

A trivial way to get around this filter, similarly to the other filters that trust the From address, is for a spammer to send a message using your address in both the From and To fields. Most people would include themselves in their web of trust, hence the spam would get through.

A more resilient method uses IP addresses from the Received headers in conjunction with the From address. Once you do this, you can no longer use To and CC data — and the scheme becomes pretty much similar to SpamAssassin‘s auto-whitelist.