Tackling parasitic (piggy-back) spam
Ashish Aggarwal Symantec
The tug-of-war between spammers and anti-spammers grows more intense by the day. Spammers adapt easily to advances in
spam-filtering techniques, while anti-spam solution providers find it difficult to cope with new and innovative ways of
spamming. Spammers have become more effective and wiser to new spam-filtering techniques, so there is a constant need
to improve spam detection methods.
Interestingly, the spam world has evolved not only in the sophistication of its content, but also in the methods by
which it spreads. The most recent spam, known as parasitic spam (P-spam), uses zombies to insert spam content into
legitimate email. Such spam cannot easily be detected by fingerprint-based spam filters because the spam content is
mixed with legitimate content. Deleting such messages is not an acceptable option. Server authentication techniques
such as DKIM fail to address this problem because the message moves between legitimate users. Reputation-based engines
find it difficult to handle because the user cannot vote the whole email as spam. In short, two basic problems need to
be addressed for P-spam: first, correctly identifying the spam sections within a mail, and second, hiding or blocking
only the spam sections instead of the entire message.
In this paper we discuss techniques to tackle this situation, such as email analytics, where users are tagged on the
basis of the message content they have exchanged over time; this information is useful in identifying sections of a mail
whose content does not match past exchanges. Email intra-section similarity can be used to identify spam sections
within an email. Reputation-based engines should be redesigned so that users are asked to vote on those sections that
have been identified as suspected spam using the techniques mentioned above. In order to hide or block spam sections,
the email client software needs to look for custom tags added to each email section by spam filters and then render
the message accordingly (intelligent redaction).
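
A minimal sketch of the section-similarity and redaction ideas above, added here as an illustration and not taken from the paper. It assumes sections are blank-line-separated paragraphs, uses bag-of-words cosine similarity, and the threshold, placeholder text and function names are hypothetical.

```python
import math
import re
from collections import Counter

# Assumptions (not from the paper): paragraph-level sections, bag-of-words
# cosine similarity, and illustrative THRESHOLD / PLACEHOLDER values.
STOPWORDS = {"the", "and", "for", "you", "will", "can", "with", "from"}
THRESHOLD = 0.1
PLACEHOLDER = "[section hidden: suspected inserted content]"

# Constructed sample: a legitimate mail with one paragraph inserted in transit.
SAMPLE = """Hi Priya, the quarterly budget report is attached. Please review the budget figures before the meeting on Thursday.

Buy discount replica watches today! Lowest prices, free shipping, click now for luxury watches.

For the meeting, I will bring the printed report and the updated budget figures from finance.

Let me know if Thursday works, or we can move the meeting and review the report on Friday."""

def bag(text):
    """Lower-cased word counts, ignoring stopwords and very short words."""
    words = re.findall(r"[a-z']+", text.lower())
    return Counter(w for w in words if len(w) > 2 and w not in STOPWORDS)

def cosine(a, b):
    dot = sum(a[t] * b[t] for t in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def tag_sections(body, threshold=THRESHOLD):
    """Return (section, score, suspect); score compares a section to all the others."""
    sections = [s.strip() for s in re.split(r"\n\s*\n", body) if s.strip()]
    bags = [bag(s) for s in sections]
    tagged = []
    for i, section in enumerate(sections):
        rest = sum((b for j, b in enumerate(bags) if j != i), Counter())
        score = cosine(bags[i], rest)
        # With fewer than three sections there is no majority to compare against.
        tagged.append((section, score, len(sections) >= 3 and score < threshold))
    return tagged

def render(body):
    """Client-side view: keep the other sections, hide only the tagged ones."""
    return "\n\n".join(PLACEHOLDER if suspect else section
                       for section, _, suspect in tag_sections(body))

if __name__ == "__main__":
    for section, score, suspect in tag_sections(SAMPLE):
        print(f"{score:.2f} {'SUSPECT' if suspect else 'ok':7} {section[:50]}")
```

A short legitimate section such as a signature can also score low under this measure, which is why the tagged sections are treated as suspects for voting and redaction, not as confirmed spam.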