1. B@BEL: Leveraging Email Delivery for Spam Mitigation

2. Problems on Spam  Wealthy economy behind spam  77% of emails are spam  85% of spam are sent by botnets

3. Traditional Spam Detection  Content Analysis  Origin Analysis

4. Approach in Article  Focusing on the way that client interact with SMTP server

5. Overview  Techniques  System design  Evaluation  Limitations

6. Techniques  SMTP dialects  Feedback manipulation

7. SMTP dialects

8. Feedback Manipulation

9. Botnet also use feedback  Botmaster sends spam to bot  Bot sends spam to SMTP server  SMTP server sends spam to user or replies bot no such user exists  Bot replies bot master no such user exists  Bot master delete address of the user from user list

10. Importance  SMTP dialects Spam detection Malware classification  Feedback manipulation Successful botnets are using bot feedback 35% of the email addresses were nonexistent

11. System design  Learning SMTP dialects  Build a decision model  Making a decision

12. SMTP dialects state  D = Σ: input alphabet S : set of states s 0 : initial state T : transitions F g : good final states F b : bad final states

13. Learning SMTP dialects

14. Collecting SMTP conversations  Passive observation Two dialects might look the same!  Active probing Intentionally sending incorrect replies, error messages

15. Build a decision model

16. Making a decision  Passive matching Detect dialects by observing conversations  Active probing Send specific replies to “expose” differences

17. Evaluation  Experiment has 621,919 SMTP conversations  Results 260,074 as spam 218,675 as ham 143,170 could not decide

18. Result in real life

19. Limitations  Evading dialects detection Implement a “faithful” SMTP engine Making spammers to look like a legitimate client  Evading feedback manipulation

20. Conclusion  Focusing on the way that client interact with SMTP server SMTP dialects Feedback manipulation  Valuable tool for spam mitigation