衡量灰名单和非名单在打击垃圾邮件中的作用

2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) Pub Date : 2016-06-01 DOI:10.1109/DSN.2016.57

Fabio Pagani, Matteo De Astis, Mariano Graziano, A. Lanzi, D. Balzarotti

{"title":"衡量灰名单和非名单在打击垃圾邮件中的作用","authors":"Fabio Pagani, Matteo De Astis, Mariano Graziano, A. Lanzi, D. Balzarotti","doi":"10.1109/DSN.2016.57","DOIUrl":null,"url":null,"abstract":"Spam has been largely studied in the past years from different perspectives but, unfortunately, it is still an open problem and a lucrative and active business for criminals and bot herders. While several countermeasures have been proposed and deployed in the past decade, their impact and effectiveness is not always clear. In particular, on top of the most common content-and sender-based anti-spam techniques, two minor approaches are popular among system administrators to cope with this annoying problem: greylisting and nolisting. These techniques exploit known features of the Simple Mail Transfer Protocol (SMTP) protocol that are not often respected by spambots. This assumption makes these two countermeasures really simple to adopt and, at least in theory, quite effective. In this paper we present the first comprehensive study of nolisting and greylisting, in which we analyze these spam countermeasures from different perspectives. First, we measure their world-wide deployment and provide insights from their distribution. Second, we measure their effectiveness against areal dataset of malware samples responsible to generate over 70% of the global spam traffic. Finally, we measure the impact of these two defensive mechanisms on the delivery of normal emails. Our study provides a unique and valuable perspective on two of the most innovative and atypical anti-spam systems. Our findings may guide system administrators and security experts to better assess their anti-spam infrastructure and shed some light on myths about greylisting and nolisting.","PeriodicalId":102292,"journal":{"name":"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Measuring the Role of Greylisting and Nolisting in Fighting Spam\",\"authors\":\"Fabio Pagani, Matteo De Astis, Mariano Graziano, A. Lanzi, D. Balzarotti\",\"doi\":\"10.1109/DSN.2016.57\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Spam has been largely studied in the past years from different perspectives but, unfortunately, it is still an open problem and a lucrative and active business for criminals and bot herders. While several countermeasures have been proposed and deployed in the past decade, their impact and effectiveness is not always clear. In particular, on top of the most common content-and sender-based anti-spam techniques, two minor approaches are popular among system administrators to cope with this annoying problem: greylisting and nolisting. These techniques exploit known features of the Simple Mail Transfer Protocol (SMTP) protocol that are not often respected by spambots. This assumption makes these two countermeasures really simple to adopt and, at least in theory, quite effective. In this paper we present the first comprehensive study of nolisting and greylisting, in which we analyze these spam countermeasures from different perspectives. First, we measure their world-wide deployment and provide insights from their distribution. Second, we measure their effectiveness against areal dataset of malware samples responsible to generate over 70% of the global spam traffic. Finally, we measure the impact of these two defensive mechanisms on the delivery of normal emails. Our study provides a unique and valuable perspective on two of the most innovative and atypical anti-spam systems. Our findings may guide system administrators and security experts to better assess their anti-spam infrastructure and shed some light on myths about greylisting and nolisting.\",\"PeriodicalId\":102292,\"journal\":{\"name\":\"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)\",\"volume\":\"34 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/DSN.2016.57\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSN.2016.57","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

在过去的几年里，人们从不同的角度对垃圾邮件进行了大量的研究，但不幸的是，它仍然是一个悬而未决的问题，对犯罪分子和机器人牧人来说，它仍然是一个有利可图的活跃行业。虽然在过去十年中提出并实施了若干对策，但其影响和效力并不总是很明确。特别是，除了最常见的基于内容和发件人的反垃圾邮件技术之外，系统管理员还常用两种方法来处理这个恼人的问题:灰名单和非名单。这些技术利用了简单邮件传输协议(Simple Mail Transfer Protocol, SMTP)的已知特性，而这些特性通常不受垃圾邮件机器人的重视。这一假设使得这两种对策非常容易采用，而且至少在理论上相当有效。本文首次对非黑名单和灰名单进行了全面的研究，从不同的角度分析了这些垃圾邮件的对策。首先，我们衡量它们在全球的部署情况，并从它们的分布情况中提供见解。其次，我们根据恶意软件样本的真实数据集衡量它们的有效性，这些样本负责产生超过70%的全球垃圾邮件流量。最后，我们测量了这两种防御机制对正常电子邮件传递的影响。我们的研究为两个最具创新性和非典型的反垃圾邮件系统提供了独特而有价值的视角。我们的发现可以指导系统管理员和安全专家更好地评估他们的反垃圾邮件基础设施，并揭示一些关于灰名单和非名单的神话。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Measuring the Role of Greylisting and Nolisting in Fighting Spam

Spam has been largely studied in the past years from different perspectives but, unfortunately, it is still an open problem and a lucrative and active business for criminals and bot herders. While several countermeasures have been proposed and deployed in the past decade, their impact and effectiveness is not always clear. In particular, on top of the most common content-and sender-based anti-spam techniques, two minor approaches are popular among system administrators to cope with this annoying problem: greylisting and nolisting. These techniques exploit known features of the Simple Mail Transfer Protocol (SMTP) protocol that are not often respected by spambots. This assumption makes these two countermeasures really simple to adopt and, at least in theory, quite effective. In this paper we present the first comprehensive study of nolisting and greylisting, in which we analyze these spam countermeasures from different perspectives. First, we measure their world-wide deployment and provide insights from their distribution. Second, we measure their effectiveness against areal dataset of malware samples responsible to generate over 70% of the global spam traffic. Finally, we measure the impact of these two defensive mechanisms on the delivery of normal emails. Our study provides a unique and valuable perspective on two of the most innovative and atypical anti-spam systems. Our findings may guide system administrators and security experts to better assess their anti-spam infrastructure and shed some light on myths about greylisting and nolisting.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

自引率

0.00%

发文量