Spam mail discrimination system based on behavior of DNS servers associated with URLs

Shuji Suwa; Nariyoshi Yamai; Kiyohiko Okayama; Motonori Nakamura; Keita Kawano; Gada

doi:10.1109/SAINT.2012.68

Spam mail discrimination system based on behavior of DNS servers associated with URLs

Shuji Suwa, Nariyoshi Yamai, Kiyohiko Okayama, Motonori Nakamura, Keita Kawano, Gada

Center for Information Technology and Management

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

As one of anti-spam technologies, DNSBL based on the URLs or their corresponding IP addresses in the messages is well used. However, some spam mails cannot be filtered by conventional DNSBLs since the spammers create websites using various techniques such as botnet, fast-flux and Wildcard DNS record. To discriminate such spam mails, we ananalyzed DNS record characteristics corresponding to the domain name in the URLs in actual spam mails. According to this analysis, in this paper we propose a spam mail discrimination system based on the behavior of DNS servers. Since the behavior checking process is likely to wait for a timeout, the system queries some records to a DNS server simultaneously and decides whether the mail is spam or not on receiving the first reply. In addition, the system also introduces a blacklist for the IP addresses of the DNS servers.

Original language	English
Title of host publication	Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012
Pages	381-386
Number of pages	6
DOIs	https://doi.org/10.1109/SAINT.2012.68
Publication status	Published - 2012
Event	2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012 - Izmir, Turkey Duration: Jul 16 2012 → Jul 20 2012

Publication series

Name	Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012

Other

Other	2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012
Country/Territory	Turkey
City	Izmir
Period	7/16/12 → 7/20/12

Keywords

DNS
URL
e-mail
spam

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1109/SAINT.2012.68

Cite this

Suwa, S., Yamai, N., Okayama, K., Nakamura, M., Kawano, K., & Gada (2012). Spam mail discrimination system based on behavior of DNS servers associated with URLs. In Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012 (pp. 381-386). [6305315] (Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012). https://doi.org/10.1109/SAINT.2012.68

Spam mail discrimination system based on behavior of DNS servers associated with URLs. / Suwa, Shuji; Yamai, Nariyoshi; Okayama, Kiyohiko et al.
Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012. 2012. p. 381-386 6305315 (Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Suwa, S, Yamai, N, Okayama, K, Nakamura, M, Kawano, K & Gada 2012, Spam mail discrimination system based on behavior of DNS servers associated with URLs. in Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012., 6305315, Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012, pp. 381-386, 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012, Izmir, Turkey, 7/16/12. https://doi.org/10.1109/SAINT.2012.68

Suwa S, Yamai N, Okayama K, Nakamura M, Kawano K, Gada. Spam mail discrimination system based on behavior of DNS servers associated with URLs. In Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012. 2012. p. 381-386. 6305315. (Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012). doi: 10.1109/SAINT.2012.68

Suwa, Shuji ; Yamai, Nariyoshi ; Okayama, Kiyohiko et al. / Spam mail discrimination system based on behavior of DNS servers associated with URLs. Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012. 2012. pp. 381-386 (Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012).

@inproceedings{734d738c0c9d4f2c935fb84bad1c194e,

title = "Spam mail discrimination system based on behavior of DNS servers associated with URLs",

abstract = "As one of anti-spam technologies, DNSBL based on the URLs or their corresponding IP addresses in the messages is well used. However, some spam mails cannot be filtered by conventional DNSBLs since the spammers create websites using various techniques such as botnet, fast-flux and Wildcard DNS record. To discriminate such spam mails, we ananalyzed DNS record characteristics corresponding to the domain name in the URLs in actual spam mails. According to this analysis, in this paper we propose a spam mail discrimination system based on the behavior of DNS servers. Since the behavior checking process is likely to wait for a timeout, the system queries some records to a DNS server simultaneously and decides whether the mail is spam or not on receiving the first reply. In addition, the system also introduces a blacklist for the IP addresses of the DNS servers.",

keywords = "DNS, URL, e-mail, spam",

author = "Shuji Suwa and Nariyoshi Yamai and Kiyohiko Okayama and Motonori Nakamura and Keita Kawano and Gada",

year = "2012",

doi = "10.1109/SAINT.2012.68",

language = "English",

isbn = "9780769547374",

series = "Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012",

pages = "381--386",

booktitle = "Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012",

note = "2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012 ; Conference date: 16-07-2012 Through 20-07-2012",

}

TY - GEN

T1 - Spam mail discrimination system based on behavior of DNS servers associated with URLs

AU - Suwa, Shuji

AU - Yamai, Nariyoshi

AU - Okayama, Kiyohiko

AU - Nakamura, Motonori

AU - Kawano, Keita

AU - Gada,

PY - 2012

Y1 - 2012

N2 - As one of anti-spam technologies, DNSBL based on the URLs or their corresponding IP addresses in the messages is well used. However, some spam mails cannot be filtered by conventional DNSBLs since the spammers create websites using various techniques such as botnet, fast-flux and Wildcard DNS record. To discriminate such spam mails, we ananalyzed DNS record characteristics corresponding to the domain name in the URLs in actual spam mails. According to this analysis, in this paper we propose a spam mail discrimination system based on the behavior of DNS servers. Since the behavior checking process is likely to wait for a timeout, the system queries some records to a DNS server simultaneously and decides whether the mail is spam or not on receiving the first reply. In addition, the system also introduces a blacklist for the IP addresses of the DNS servers.

AB - As one of anti-spam technologies, DNSBL based on the URLs or their corresponding IP addresses in the messages is well used. However, some spam mails cannot be filtered by conventional DNSBLs since the spammers create websites using various techniques such as botnet, fast-flux and Wildcard DNS record. To discriminate such spam mails, we ananalyzed DNS record characteristics corresponding to the domain name in the URLs in actual spam mails. According to this analysis, in this paper we propose a spam mail discrimination system based on the behavior of DNS servers. Since the behavior checking process is likely to wait for a timeout, the system queries some records to a DNS server simultaneously and decides whether the mail is spam or not on receiving the first reply. In addition, the system also introduces a blacklist for the IP addresses of the DNS servers.

KW - DNS

KW - URL

KW - e-mail

KW - spam

UR - http://www.scopus.com/inward/record.url?scp=84867976210&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84867976210&partnerID=8YFLogxK

U2 - 10.1109/SAINT.2012.68

DO - 10.1109/SAINT.2012.68

M3 - Conference contribution

AN - SCOPUS:84867976210

SN - 9780769547374

T3 - Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012

SP - 381

EP - 386

BT - Proceedings - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012

T2 - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, SAINT 2012

Y2 - 16 July 2012 through 20 July 2012

ER -

Spam mail discrimination system based on behavior of DNS servers associated with URLs

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this