Detecting spamming activities in a campus network using incremental learning

Abstract

Most spam filters deployed on the receiver side are good at curbing email spam for end users, but do little to crack down on the spamming sources. This work is intended to nip the spamming hosts in the bud. We collected the logs of SMTP sessions initiated from hosts on the campus for half a year, and analyzed the activities of the hosts, using the rates of successful deliveries and of various types of failure messages in the sessions as the features. We use an incremental passive-aggressive learning algorithm to efficiently adapt the classifier to the latest spamming activities for detecting the spamming hosts. The detection accuracy can reach 93.5% after the classifier is adjusted in just a few rounds. This design will be useful for network administrators to reliably detect and crack down on internal spamming hosts.

Keywords

Spamming host
SMTP session
Incremental learning
Failure information
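
The approach outlined in the abstract (per-host rates of SMTP delivery outcomes fed to an incrementally updated passive-aggressive classifier) can be sketched as follows; this is an added example, not code from the paper. The grouping of reply codes into four features, the PA-I update rule, the value of C, the absence of a bias term and all session data are assumptions made for illustration.

```python
# Added illustration, not the paper's code. Reply-code buckets, the PA-I
# variant and C are assumptions; all session data below is constructed.

def host_features(codes):
    """Turn one host's final SMTP reply codes (one per session) into rates."""
    n = len(codes) or 1
    ok = sum(200 <= c < 300 for c in codes) / n               # successful deliveries
    transient = sum(400 <= c < 500 for c in codes) / n        # 4xx temporary failures
    no_mailbox = sum(c == 550 for c in codes) / n             # 550 mailbox unavailable
    rejected = sum(c >= 500 and c != 550 for c in codes) / n  # other 5xx failures
    return [ok, transient, no_mailbox, rejected]

class PassiveAggressive:
    """PA-I linear classifier: label +1 = spamming host, -1 = normal host."""
    def __init__(self, dim, C=10.0):
        self.w, self.C = [0.0] * dim, C

    def score(self, x):
        return sum(wi * xi for wi, xi in zip(self.w, x))

    def predict(self, x):
        return 1 if self.score(x) > 0 else -1

    def update(self, x, y):
        """One incremental step; returns the step size tau (0.0 = passive)."""
        loss = max(0.0, 1.0 - y * self.score(x))    # hinge loss on this host
        norm2 = sum(xi * xi for xi in x)
        if loss == 0.0 or norm2 == 0.0:
            return 0.0                              # margin already met: keep w
        tau = min(self.C, loss / norm2)             # aggressive step, capped by C
        self.w = [wi + tau * y * xi for wi, xi in zip(self.w, x)]
        return tau

# Constructed rounds of administrator-labelled hosts: (reply codes, label).
ROUNDS = [
    [([250] * 18 + [550, 451], -1), ([250] * 4 + [550] * 10 + [554] * 4 + [451] * 2, +1)],
    [([250] * 9 + [451], -1), ([250] * 3 + [550] * 5 + [554] * 2, +1)],
]

def train(rounds=ROUNDS):
    clf = PassiveAggressive(dim=4)
    for labelled_hosts in rounds:                   # each round adapts the same model
        for codes, label in labelled_hosts:
            clf.update(host_features(codes), label)
    return clf

if __name__ == "__main__":
    clf = train()
    print(clf.predict(host_features([250] * 19 + [550])))                 # unseen normal host
    print(clf.predict(host_features([250] * 2 + [550] * 6 + [554] * 2)))  # unseen spamming host
```

Each call to `update` touches only the current host's feature vector, so newly labelled hosts can be folded in round by round without retraining on the stored history.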