A Distributed Content Independent Method for Spam Detection

The amount of spam has skyrocketed in the recent past. Traditionally, spam was sent by single source mass mailers (spammers), making it relatively easy to screen out through the use of blacklists. Recently spammers started using botnets to send out the spam, rendering the blacklists ineffective. Although, content-based spam filters provide temporary relief, this is a never-ending cat-andmouse game between spammers and filter developers. We propose a distributed, content independent, spam classification system that is specifically aimed at botnet generated spam and can be used in combination with existing spam classifiers. Our proposed system uses source identification in combination with a peer-to-peer based distributed database to identify e-mails that are likely to have originated from botnets. The system is distributed in order to provide a robust defense against denial-ofservice attacks from the very same botnets. Lastly, our system is specifically designed to be used within the existing e-mail infrastructure. It does not require special hardware, changes to the underlying protocols, or changes to the mail transfer agents.