Summary: | Master's === National Taiwan Ocean University === Department of Computer Science and Engineering === 101 === While various anti-spam mechanisms have been proposed, spam is still one of the major Internet security threats today. Very little effort has been made to understand the forwarding path information carried by spam mails. In this thesis, we present an empirical study of spam forwarding paths. We characterize forwarding paths from three aspects: the length of the forwarding path, mail acceptance of the FEMTA (first external MTA), and pairwise consistency of the MTAs specified in a forwarding path. We evaluated these three characteristics over three different data sets, including spam and non-spam messages, in order to find and understand the differences in mail forwarding behavior between spam and non-spam mails. In terms of the distribution of forwarding path length, the experimental results show that a high percentage of non-spam mails have a forwarding path length of two, while most spam mails have a forwarding path length of one. We also found that non-spam mails have a higher degree of consistency in their forwarding paths. As for the mail acceptance test on the FEMTAs, we found that both spam and non-spam mails have a low percentage of passing the test. Nonetheless, we argue that the reasons behind the low mail acceptance differ between the two cases. For spam mails, the FEMTAs are most likely common user hosts rather than servers, and are most likely spam bots. In contrast, for non-spam mails, the FEMTAs that failed the mail acceptance test might be servers used only for sending mail and not responsible for receiving it.
|