Spammer success through customization and randomization of URLs

Author

Warner, Gary ; Rajani, Dhiraj ; Nagy, Mike

Author_Institution

Univ. of Alabama at Birmingham (UAB), Birmingham, AL, USA

fYear

2015

fDate

26-29 May 2015

Firstpage

1

Lastpage

6

Abstract

Spam researchers and security personnel require a method for determining whether the URLs embedded in email messages are safe or potentially hostile. Prior research has been focused on spam collections that are quite insignificant compared to real-world spam volumes. In this paper, researchers evaluate 464 million URLs representing nearly 1 million unique domains observed in email messages in a six day period from November 2014. Four methods of customization and randomization of URLs believed to be used by spammers to attempt to increase deliverability of their URLs are explored: domain diversity, hostname wild-carding, path uniqueness, and attribute uniqueness. Implications of the findings suggest improvements for “URL blacklist” methods, methods of sampling to decrease the number of URLs that must be reviewed for safety, as well as presenting some challenges to the ICANN, Registrar, and Email Safety communities.

Keywords

computer crime; unsolicited e-mail; Email Safety communities; ICANN communities; Registrar communities; URL blacklist methods; URL customization; URL deliverability; URL randomization; attribute uniqueness; domain diversity; email messages; hostname; malicious email; path uniqueness; real-world spam volumes; sampling methods; spam collections; spammer; wild-carding; Personnel; Pharmaceuticals; Safety; Security; Uniform resource locators; Unsolicited electronic mail; URL evaluation; domain registration; malicious email; spam;

fLanguage

English

Publisher

ieee

Conference_Titel

Electronic Crime Research (eCrime), 2015 APWG Symposium on

Conference_Location

Barcelona

Type

conf

DOI

10.1109/ECRIME.2015.7120799

Filename

7120799