SNARE: A New Way to Fight Against Spam

July 29, 2009

(ChattahBox)—A group of researchers from the Georgia Institute of Technology have developed a new software program to fight against annoying spam, which works by analyzing a single packet of data based on certain criteria and identifies spam before it even has a chance to fill up your inbox.

The creators of the software believe their program could work effectively as a first line of defense, combined with traditional email spam filters to wipe out the majority of spam.

Lead researcher Nick Feamster, assistant professor at Georgia Tech named the software SNARE or Spatio-temporal Network-level Automatic Reputation Engine. SNARE works more quickly, because it doesn’t analyze the content of an email, but instead looks at a single packet of data from the email sender.

The team analyzed 25 million e-mails collected by a service developed by McAfee to collate data on spam and malware. The researchers discovered that spam has certain characteristics that normal email does not have. They found that most spam was delivered using bots that only left the Simple Mail Transfer Protocol port open for delivering email.

Additionally, the IP addresses of spammers gave them away in two ways. Firstly, the researchers realized that many spammers use IP addresses that are numerically similar to other spammers. Secondly, most spam email tends to arrive a greater distance away from the geographic location of the recipient than regular mail.

The team also found that most spam arrives from a small select number of autonomous servers. When the researchers combined all of the unique characteristics associated with spam and incorporated them into SNARE, they ended up with a program that successfully detected spam 70 percent of the time, with a 0.3 percent false positive rate, which is comparable to traditional spam filters.

Co-researcher Shuang Hao, PhD candidate in computer science at the Georgia Institute of Technology is assisting Yahoo with improvements to its spam filtering system, armed with the new knowledge about spam gleaned from developing SNARE.

Some critics of SNARE contend spammers could easily circumvent the SNARE by changing IP addresses and other characteristics flagged by SNARE.

The entire team of SNARE developers is presenting their work on SNARE at the Usenix Security Conference next month in Montreal.

Source


Comments

8 Responses to “SNARE: A New Way to Fight Against Spam”

  1. Old Man Dotes on July 29th, 2009 4:35 pm

    Spammers can change IP addresses all they like; the majority of spam is sent using botnets, that is, PCs that are infested with viruses. Most of those PCs have dynamically-assigned IP addresses, so an SMTP server that rejects inbound email from dynamic IP addresses will knock out more than 80% of spam instantaneously.

  2. Spam Filter - Letters and blogs - The Guardian « Spam Filter on July 30th, 2009 9:51 am

    […] SNARE: A New Way to Fight Against Spam – Chattahbox.com(ChattahBox)—A group of researchers from the Georgia Institute of Technology have developed a new software program to fight against annoying spam, which works by analyzing a single packet of data based on certain criteria and identifies spam before […]

  3. Spam Software - Friend’s E-mail: - Sioux City Journal « Spam Software on July 30th, 2009 2:28 pm

    […] SNARE: A New Way to Fight Against Spam – Chattahbox.com(ChattahBox)—A group of researchers from the Georgia Institute of Technology have developed a new software program to fight against annoying spam, which works by analyzing a single packet of data based on certain criteria and identifies spam before […]

  4. Spam Software - Friend’s E-mail: - Journal Gazette and Times Courier « Spam Software on July 31st, 2009 10:53 am

    […] SNARE: A New Way to Fight Against Spam – Chattahbox.com(ChattahBox)—A group of researchers from the Georgia Institute of Technology have developed a new software program to fight against annoying spam, which works by analyzing a single packet of data based on certain criteria and identifies spam before […]

  5. Spam Software - Dutch Software Developer Fined a Quarter Million Euros for Spam - Softpedia « Spam Software on August 2nd, 2009 8:52 am

    […] SNARE: A New Way to Fight Against Spam – Chattahbox.com(ChattahBox)—A group of researchers from the Georgia Institute of Technology have developed a new software program to fight against annoying spam, which works by analyzing a single packet of data based on certain criteria and identifies spam before […]

  6. Spam Filter - SNARE: A New Way to Fight Against Spam - Chattahbox.com « Spam Filter on August 4th, 2009 7:31 am

    […] SNARE: A New Way to Fight Against Spam – Chattahbox.com(ChattahBox)—A group of researchers from the Georgia Institute of Technology have developed a new software program to fight against annoying spam, which works by analyzing a single packet of data based on certain criteria and identifies spam before […]

  7. Spam Software - Local e-mail spam alert - Rochester Sentinel « Spam Software on August 4th, 2009 7:32 am

    […] SNARE: A New Way to Fight Against Spam – Chattahbox.com(ChattahBox)—A group of researchers from the Georgia Institute of Technology have developed a new software program to fight against annoying spam, which works by analyzing a single packet of data based on certain criteria and identifies spam before […]

  8. Spam Filter - It’s spam, but not as we know it - The Guardian « Spam Filter on August 4th, 2009 10:13 pm

    […] SNARE: A New Way to Fight Against Spam – Chattahbox.com(ChattahBox)—A group of researchers from the Georgia Institute of Technology have developed a new software program to fight against annoying spam, which works by analyzing a single packet of data based on certain criteria and identifies spam before […]

Got something to say? **Please Note** - Comments may be edited for clarity or obscenity, and all comments are published at the discretion of ChattahBox.com - Comments are the opinions of the individuals leaving them, and not of ChattahBox.com or its partners. - Please do not spam or submit comments that use copyright materials, hearsay or are based on reports where the supposed fact or quote is not a matter of public knowledge are also not permitted.