Detecting spam through their Sender Policy Framework records

Spamming has become one of the worst problems of email communication. Although various anti-spamming methods have been developed, because of creative spammers, none of them are able to stop the penetration of the innovated spam. The content-based anti-spam methods used for spam recognition require considerable amounts of computational resources. Therefore, less resource demanding methods are needed to match the growing number of spam. One example is network-based filtering, which is gaining importance. Sender Policy Framework (SPF) is a network protocol that can provide efficient network-based spam filtering. But, it is becoming evident that spammers have also started to manipulate SPF-based spam filtering. Presently, the spammers are purchasing domain names with SPF records to use them for sending spam. The only methods that can prevent such spam are the blacklist and content filtering techniques, or a blend of both. In the present study, the Domain Name System (DNS)/SPF records of spam-sending domain names are compared with nonspam-sending domain names, for improving SPF-based spam filtering. Research results show distinctive features between spam-sending and non-spam-sending domain names. Naive Bayes algorithmis utilized to identify spam-sending domain names. The time delay results of spam analysis shows that the devised SPF-based filtering offloads content filtering, significantly. Hence, our SPF-based method can act as a pre-filter that helps fighting spam. Copyright (C) 2015 John Wiley & Sons, Ltd.