Spam comes from ‘bad neighbourhoods’: study

A landmark study by a Netherlands university has found that less than half a percent of ISPs sampled were responsible for around half the world’s spam.

Using data from the Composite Blocking List, Giovane Moura of the University of Twente’s Centre for Telematics and Information Technology monitored over 42,000 Autonomous System Numbers (ASNs) online. In one example, 60 percent of email addresses located at a small ISP in Nigeria were spam-related.

The findings of the research were enlightening. The IP addresses identifying the source of spam were sometimes similar, and in some cases could be found in similar geographic locations, leading to the concept of ‘bad neighbourhoods’ online that can form the targets of increased security measures.

Also revealed in the study was the fact that different kinds of malware are usually concentrated in certain parts of the world – southern Asia is responsible for most spam and the US is behind most phishing attempts.

Moura’s PhD study was completed using public records like CBL and some technical detective work, with the most sobering statistic of the thesis his discovery that just 20 ISPs represent almost 50 percent of all spam sources.

But while it seems like bad news, surely that makes the fight against spam easier? Unfortunately, finding the bas neighbourhoods online is only the first step in a protracted arms race between security experts and spammers.

“Absolutely not,” says Moura when asked if we should just pull the plug on the offending ISPs. “Blocking an ISP is a radical measure against any sort of Internet attack, since many legitimate users might be wrongly penalised.”

To outline what makes combating spam so difficult, Moura poses the example of both yourself and a colleague on the same email domain (ie your company’s mail server) receiving an email about a particular service). It might be spam for you because you’ve never used their service, but not your colleague, who has.

“The challenge to the mail filter is to determine if the message is spam or not based on context and who it’s targeting,” Moura says, “and that’s mostly not done yet. In cases of doubt, the rule is to classify it as legitimate. The fact that spam is still an ongoing problem and it has been for the past 15 years shows how complex the problem is.”

But there’s another dimension. An ISP can be almost completely used for spam, but it’s bad-guy users doing so, not the ISP itself – which might be a completely legitimate business. Again, blocking it might unplug innocent internet users.

“The best way to deal with these ISPs is to raise awareness so they can clean up their networks, motivate countries with no anti-spam legislation to pass it, and predict new sources of attacks so companies can protect networks,” Moura says. “Using bad neighbourhood-based approaches helps in predicating attacks from unforeseen sources based on its neighboring hosts behaviors, which can be used to develop efficient filtering algorithms.”

So when it comes to online, just like off, it pays to effectively police the dark corners.

Full client and publication list:

  • 3D Artist
  • APC
  • Auscam
  • Australian Creative
  • Australian Macworld
  • Australian Way (Qantas)
  • Big Issue
  • Black Velvet Seductions
  • Black+White
  • Bookseller & Publisher
  • Box Magazine
  • Brain World
  • Business News
  • Business NSW
  • Campaign Brief
  • Capture
  • Cleo
  • Cosmos
  • Cream
  • Curve
  • Daily Telegraph
  • Dark Horizons
  • Dazed and Confused
  • Desktop
  • DG
  • Digital Media
  • Disney Magazine
  • DNA Magazine
  • Empire
  • Empty Magazine
  • Famous Monsters of Filmland
  • Fast Thinking
  • FHM UK
  • Film Stories
  • Filmink
  • Follow Gentlemen
  • Geek Magazine
  • Good Reading
  • Good Weekend
  • GQ
  • How It Works
  • Hydrapinion
  • Inside Film
  • Loaded
  • M2 Magazine
  • Marie Claire Australia
  • Marketing
  • Maxim Australia
  • Men's Style
  • Metro
  • Moviehole
  • MSN
  • Nine To Five
  • Paranormal
  • PC Authority
  • PC Powerplay
  • PC Update
  • PC User
  • PC World
  • Penthouse
  • People
  • Pixelmag
  • Popular Science
  • Post Magazine
  • Ralph
  • Reader's Digest
  • ScienceNetwork WA
  • SciFiNow
  • Scoop
  • Scoop Traveller
  • Seaside Observer
  • SFX
  • Sydney Morning Herald
  • The Australian
  • The Retiree
  • The Sun Herald
  • The West Australian
  • TimeOut
  • Total Film
  • Video Camera
  • Video&Filmmaker
  • Writing Magazine
  • Xpress
  • Zoo