Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Many end users protect themselves against e-mail harvesting using simple obfuscation techniques–for example, using “-at-” to replace the “@” symbol in an e-mail address. The researchers found that these methods frustrate current spam techniques surprisingly well. In addition, they found that submitting an e-mail address to a legitimate website rarely resulted in spam. “If you sign up with reputable organizations, you will be fine,” Shue says. “If you go to less reputable sites, then you will get spam.”

In a separate paper to be presented at the same conference, researchers from the Federal University of Minas Gerais (UFMG), in Brazil, and Brazil’s Network Information Center show that spammers tend to combine different techniques to hide the origin of their junk e-mail messages. While many spam groups have adopted the use of botnets to anonymize the source of their e-mail messages, a significant number use a chain of different compromised machines, according to Pedro Calais Guerra, a PhD student at UFMG.

“The key factor for a spammer to succeed in terms of hiding his identity on the network is to spread his activity as much as he can,” says Guerra, who believes that the team’s study could be used to help fight spam by identifying which messages should be blocked. “We think it may have an impact on the design of blacklists.”

Guerra and five other researchers monitored special servers, known as honeypots, collecting 525 million spam e-mail messages sent from more than 216,000 Internet addresses over a 15-month period. They found, for example, that nearly 95,000 machines used by spammers were end-user computers that relayed messages and not mail servers, a third of which were in the United States and a quarter in Taiwan.

The chains of computers used by the spammers to anonymize the origins of spam fell into two categories: open proxies and open relays. The open proxies are compromised servers that forward data to other computers on the network, hiding the sender’s address; open relays receive e-mail messages for another domain, passing the message to the next server. The researchers found that spammers typically use each open relay to forward e-mail for only a short time, to avoid having the e-mail server added to a blacklist.

“We show in our paper that spammers send high volumes of spam to open proxies but low volumes of spam to open relays,” UFMG’s Guerra says.

16 comments. Share your thoughts »

Credit: Technology Review

Tagged: Communications, Web, security, spam, e-mail, spammers

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me