Spam mail discrimination system based on behavior of DNS servers associated with URLs

Shuji Suwa, Nariyoshi Yamai, Kiyohiko Okayama, Motonori Nakamura, Keita Kawano, Gada

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

As one of anti-spam technologies, DNSBL based on the URLs or their corresponding IP addresses in the messages is well used. However, some spam mails cannot be filtered by conventional DNSBLs since the spammers create websites using various techniques such as botnet, fast-flux and Wildcard DNS record. To discriminate such spam mails, we ananalyzed DNS record characteristics corresponding to the domain name in the URLs in actual spam mails. According to this analysis, in this paper we propose a spam mail discrimination system based on the behavior of DNS servers. Since the behavior checking process is likely to wait for a timeout, the system queries some records to a DNS server simultaneously and decides whether the mail is spam or not on receiving the first reply. In addition, the system also introduces a blacklist for the IP addresses of the DNS servers.

Original languageEnglish
Title of host publicationProceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012
Pages381-386
Number of pages6
DOIs
Publication statusPublished - 2012
Event2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012 - Izmir, Turkey
Duration: Jul 16 2012Jul 20 2012

Other

Other2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012
CountryTurkey
CityIzmir
Period7/16/127/20/12

Fingerprint

Websites
Servers
Fluxes
Botnet

Keywords

  • DNS
  • e-mail
  • spam
  • URL

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Suwa, S., Yamai, N., Okayama, K., Nakamura, M., Kawano, K., & Gada (2012). Spam mail discrimination system based on behavior of DNS servers associated with URLs. In Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012 (pp. 381-386). [6305315] https://doi.org/10.1109/SAINT.2012.68

Spam mail discrimination system based on behavior of DNS servers associated with URLs. / Suwa, Shuji; Yamai, Nariyoshi; Okayama, Kiyohiko; Nakamura, Motonori; Kawano, Keita; Gada.

Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012. 2012. p. 381-386 6305315.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Suwa, S, Yamai, N, Okayama, K, Nakamura, M, Kawano, K & Gada 2012, Spam mail discrimination system based on behavior of DNS servers associated with URLs. in Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012., 6305315, pp. 381-386, 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012, Izmir, Turkey, 7/16/12. https://doi.org/10.1109/SAINT.2012.68
Suwa S, Yamai N, Okayama K, Nakamura M, Kawano K, Gada. Spam mail discrimination system based on behavior of DNS servers associated with URLs. In Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012. 2012. p. 381-386. 6305315 https://doi.org/10.1109/SAINT.2012.68
Suwa, Shuji ; Yamai, Nariyoshi ; Okayama, Kiyohiko ; Nakamura, Motonori ; Kawano, Keita ; Gada. / Spam mail discrimination system based on behavior of DNS servers associated with URLs. Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012. 2012. pp. 381-386
@inproceedings{734d738c0c9d4f2c935fb84bad1c194e,
title = "Spam mail discrimination system based on behavior of DNS servers associated with URLs",
abstract = "As one of anti-spam technologies, DNSBL based on the URLs or their corresponding IP addresses in the messages is well used. However, some spam mails cannot be filtered by conventional DNSBLs since the spammers create websites using various techniques such as botnet, fast-flux and Wildcard DNS record. To discriminate such spam mails, we ananalyzed DNS record characteristics corresponding to the domain name in the URLs in actual spam mails. According to this analysis, in this paper we propose a spam mail discrimination system based on the behavior of DNS servers. Since the behavior checking process is likely to wait for a timeout, the system queries some records to a DNS server simultaneously and decides whether the mail is spam or not on receiving the first reply. In addition, the system also introduces a blacklist for the IP addresses of the DNS servers.",
keywords = "DNS, e-mail, spam, URL",
author = "Shuji Suwa and Nariyoshi Yamai and Kiyohiko Okayama and Motonori Nakamura and Keita Kawano and Gada",
year = "2012",
doi = "10.1109/SAINT.2012.68",
language = "English",
isbn = "9780769547374",
pages = "381--386",
booktitle = "Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012",

}

TY - GEN

T1 - Spam mail discrimination system based on behavior of DNS servers associated with URLs

AU - Suwa, Shuji

AU - Yamai, Nariyoshi

AU - Okayama, Kiyohiko

AU - Nakamura, Motonori

AU - Kawano, Keita

AU - Gada,

PY - 2012

Y1 - 2012

N2 - As one of anti-spam technologies, DNSBL based on the URLs or their corresponding IP addresses in the messages is well used. However, some spam mails cannot be filtered by conventional DNSBLs since the spammers create websites using various techniques such as botnet, fast-flux and Wildcard DNS record. To discriminate such spam mails, we ananalyzed DNS record characteristics corresponding to the domain name in the URLs in actual spam mails. According to this analysis, in this paper we propose a spam mail discrimination system based on the behavior of DNS servers. Since the behavior checking process is likely to wait for a timeout, the system queries some records to a DNS server simultaneously and decides whether the mail is spam or not on receiving the first reply. In addition, the system also introduces a blacklist for the IP addresses of the DNS servers.

AB - As one of anti-spam technologies, DNSBL based on the URLs or their corresponding IP addresses in the messages is well used. However, some spam mails cannot be filtered by conventional DNSBLs since the spammers create websites using various techniques such as botnet, fast-flux and Wildcard DNS record. To discriminate such spam mails, we ananalyzed DNS record characteristics corresponding to the domain name in the URLs in actual spam mails. According to this analysis, in this paper we propose a spam mail discrimination system based on the behavior of DNS servers. Since the behavior checking process is likely to wait for a timeout, the system queries some records to a DNS server simultaneously and decides whether the mail is spam or not on receiving the first reply. In addition, the system also introduces a blacklist for the IP addresses of the DNS servers.

KW - DNS

KW - e-mail

KW - spam

KW - URL

UR - http://www.scopus.com/inward/record.url?scp=84867976210&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84867976210&partnerID=8YFLogxK

U2 - 10.1109/SAINT.2012.68

DO - 10.1109/SAINT.2012.68

M3 - Conference contribution

AN - SCOPUS:84867976210

SN - 9780769547374

SP - 381

EP - 386

BT - Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012

ER -