New ways of fighting spam

Fighting spam is not a chore for slow thinkers. As spammers adapt swiftly, so must the fighters, and HexView says there could be a good statistical chance to significantly lower the amount of spam.

I love it when people are being intelligent, and best of all, I love it when they use it to make something good and helpful. HexView recently published a paper explaining how good old statistics can help us 'dramatically reduce spam'. The technique is known as Source Trust Prediction (STP):

"There are only two properties that spammers cannot forge: IP addresses of both ends of the TCP channel that is used to emit junk messages, this is our key to contain spam traffic. Before accepting a message, an MTA connects to the STP server and sends just one variable: source IP address of the client requesting SMTP session. STP also knows the IP address of the MTA. Other properties may be used for correlation (size of the message, count and sizes of attached files), but it will significantly impact performance of the STP server, so let's focus on just source and destination IPs. Another important parameter is the time of the request. STP server correlates this information with the data received from other MTAs and replies with a number that reflects how likely the sender is a junk mail source. The MTA then decides whether to drop or accept the message, or take other appropriate action."

In simpler words: viewed in terms of statistical and mathematical correlations, spammers send spam in a rather predictable way. Patterns derived from this known behavior can be used to effectively stop spam email traffic from getting sent in the first place.
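The query-and-score exchange described in the quote can be sketched as follows. This is an added example, not code from HexView's paper: the scoring rule (how many distinct MTAs one source IP contacts within a time window), the thresholds, and the names `StpServer`, `query` and `mta_decision` are all assumptions made for illustration, and the IP addresses are constructed from documentation ranges.

```python
import math
from collections import defaultdict, deque


class StpServer:
    """Toy STP server: correlates (source IP, MTA IP, time) reports from many MTAs."""

    def __init__(self, window=600, saturation=20):
        self.window = window          # seconds of history kept per source (assumed)
        self.saturation = saturation  # distinct MTAs at which the score hits 1.0 (assumed)
        self.seen = defaultdict(deque)  # source IP -> deque of (timestamp, MTA IP)

    def query(self, source_ip, mta_ip, now):
        """Record one SMTP connection attempt; return junk likelihood in [0, 1]."""
        events = self.seen[source_ip]
        events.append((now, mta_ip))
        # Drop reports that fell out of the correlation window (timestamps ascend).
        while events[0][0] <= now - self.window:
            events.popleft()
        distinct_mtas = len({mta for _, mta in events})
        # One MTA scores 0.0; the score grows with the log of the fan-out.
        return min(1.0, math.log(distinct_mtas) / math.log(self.saturation))


def mta_decision(score, reject_at=0.8, defer_at=0.5):
    """The MTA, not the STP server, decides what to do with the returned number."""
    if score >= reject_at:
        return "reject"
    if score >= defer_at:
        return "defer"
    return "accept"


def simulate():
    """Constructed traffic: one bulk sender and one ordinary sender."""
    stp = StpServer()
    bulk = normal = 0.0
    # 198.51.100.7 opens sessions to 25 different MTAs within 25 seconds.
    for i in range(25):
        bulk = stp.query("198.51.100.7", f"203.0.113.{i + 1}", now=1000 + i)
    # 192.0.2.10 mails the same MTA three times over 40 minutes.
    for t in (1000, 2200, 3400):
        normal = stp.query("192.0.2.10", "203.0.113.1", now=t)
    return mta_decision(bulk), mta_decision(normal)


if __name__ == "__main__":
    print(simulate())
```

The server only ever sees the two IP addresses and the request time, which matches the quote's point that these are the properties a sender cannot forge.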

If this sounds too good to be true to you, don't worry, there are some problems with the STP anti-spam technique. First, spammers can try to fight it, and second, it could be difficult to implement. The bright thinkers of HexView took this into consideration too, and you can read about it in the paper.

