Saturday, May 15, 2021

Stopping Spammers at The Point of Sale

At the recent USENIX Security 2007 conference in Boston, a group of researchers from the University of California at San Diego (UCSD) offered up what they felt was a new and unique way to target spammers. As it turns out, their idea isn’t so new.

Spam most often takes the form of a sales pitch, selling everything from erectile dysfunction medication to penny stocks. Most of these spam messages include a link to follow to purchase whatever is being sold. And since P.T. Barnum was right, enough people follow the links to keep the spammers in business.

The researchers from UCSD’s creatively-titled Collaborative Center for Internet Epidemiology and Defenses noted that while spam is often sent by bots that go down within a day or so, the receiving site can be up for a week. So rather than play whack-a-mole with the bots, the UCSD group suggested going after the servers where suckers are directed to go.

“The availability of scam infrastructure is critical to spam profitability — a single takedown of a scam server or a spammer redirect can curtail the earning potential of an entire spam campaign,” the report said.

The researchers developed a technique called “spamscatter,” which analyzes spam mail and follows the links to their destination server, including any redirection mechanisms put in place. It’s not uncommon for people to be sent to a Yahoo Pages site, for instance, since people would inherently trust Yahoo.

Using a real-time spam feed of about 150,000 e-mails per day, the study identified more than 2,000 distinct scams hosted across more than 7,000 distinct servers.

Great idea. But it’s already being done, points out Matthew Prince, CEO of Unspam, which is engaged in its own spam stomping projects by chasing after the sources. The largest project is called SURBL, or Spam URI Realtime Blocklists.

SURBL identifies the sites that spam messages send recipients to, shares its list with other mail filter sites, and offers plug-ins for e-mail servers so that Exchange and other servers can block e-mail based on the SURBL list.

“This is a powerful technology people have been working on for some time. I think this is a very good way of thinking about the spam problem because you want to focus on the narrowest points in the funnel of the spam chain,” said Prince. “While there are a lot of servers sending mail out, there are fewer servers actually hosting the pages they are trying to get people to go to.”

But this is not a complete solution to the problem, as few solutions in the war against spam are, he added. The more sophisticated spammers are using compromised servers to host pages and send the spam, which makes things more complicated. Pump-and-dump spam often doesn’t have a link, so it’s hard to trace the source on those, and other spam puts the link in an image, so there is no URL to follow.
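A sketch of the URI-blocklist check described above, added here as an illustration and not taken from SURBL or any mail-server plug-in: it pulls link hosts out of a message body and rejects the message when a host or its parent domain is listed. The blocklist entries, function names and sample messages are constructed assumptions; the last two samples show the gap Prince describes, where spam with no link or an image-only pitch leaves no URL to match.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed stand-in for a shared URI blocklist (placeholder domains, not real data).
BLOCKLIST = {"pills-example.test", "cheap-watches.example"}
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

# Constructed sample messages.
SAMPLES = {
    "linked": 'Subject: deal\nContent-Type: text/html\n\n'
              '<a href="http://shop.pills-example.test/buy">Order now</a>\n',
    "no_link": "Subject: hot stock\n\nBuy ticker XMPL today, it will triple.\n",
    "image_only": 'Subject: offer\nContent-Type: text/html\n\n<img src="cid:offer">\n',
}

def body_text(msg):
    """Concatenate every text/* part (plain and HTML) of a parsed message."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def link_hosts(msg):
    """Return the lower-cased hostnames of all http(s) URLs found in the body."""
    hosts = set()
    for url in URL_RE.findall(body_text(msg)):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
            continue
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts

def listed(host, blocklist=BLOCKLIST):
    """True if host or a parent domain is listed; a bare TLD is never checked."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels) - 1))

def verdict(raw):
    """'reject' if any linked host is on the blocklist, otherwise 'accept'."""
    hosts = link_hosts(message_from_string(raw))
    return "reject" if any(listed(h) for h in hosts) else "accept"
```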

This article was first published on InternetNews.com.
