A Memory-Based Approach to Anti-Spam Filtering for Mailing Lists
Information Retrieval
An empirical study of spam traffic and the use of DNS black lists
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
ATEC '03 Proceedings of the annual conference on USENIX Annual Technical Conference
NSDI'06 Proceedings of the 3rd conference on Networked Systems Design & Implementation - Volume 3
Filtering spam with behavioral blacklisting
Proceedings of the 14th ACM conference on Computer and communications security
Peeking into spammer behavior from a unique vantage point
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Spamalytics: an empirical analysis of spam marketing conversion
Proceedings of the 15th ACM conference on Computer and communications security
Detecting spammers with SNARE: spatio-temporal network-level automatic reputation engine
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
Support vector machines for spam categorization
IEEE Transactions on Neural Networks
NSS'12 Proceedings of the 6th international conference on Network and System Security
Hi-index | 0.00 |
Despite the number of existing solutions, spam still accounts for a large percentage of the email traffic on the Internet. Both the effectiveness and the impact of many common anti-spam techniques have already been largely studied and evaluated against multiple datasets. However, some of the less known solutions still lack a proper experimental validation. For example, Challenge-Response (CR) systems have been largely discussed, and often criticized, because they shift the effort to protect the user's mailbox from the recipient to the sender of the messages. In addition, these systems are believed to produce a lot of backscattered emails that further deteriorate the global Internet situation. In this paper we present the first comprehensive measurement study of a real anti-spam system based on a challenge-response technique. In our work we analyze a large amount of data, collected for a period of six months from over forty companies protected by a commercial challenge-response product. We designed our experiments from three different point of views: the end user, the system administrator, and the entire Internet community. Our results cover many different aspects such as the amount of challenges sent, the delay on the message delivery, and the likelihood of getting the challenge server blacklisted. Our aim is neither to attack nor to defend CR-based solutions. Instead, we hope that our findings will shed some light on some of the myths about these kind of systems, and will help both users and companies to take an informed decision on the topic.