Spam Domain Detection Method Using Active DNS Data and E-Mail Reception Log

Title: Spam Domain Detection Method Using Active DNS Data and E-Mail Reception Log
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Dan, Kenya; Kitagawa, Naoya; Sakuraba, Shuji; Yamai, Nariyoshi
Conference Name: 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC)
ISBN Number: 978-1-7281-2607-4
Keywords: active DNS, active DNS data, authentication, DKIM, DMARC, e-mail log analysis, e-mail reception log, Electronic mail, feature extraction, Human Behavior, human factors, Internet, IP networks, message authentication, Metrics, Postal services, pubcrawl, Scalability, sender domain authentication, sender IP address, spam detection, spam domain detection, spam mail, SPF, spoofed e-mails, supervised learning, system monitoring, Training, unsolicited e-mail
Abstract

E-mail is widespread and an essential communication technology in modern times. Since e-mail has problems with spam mails and spoofed e-mails, countermeasures are required. Although SPF, DKIM and DMARC have been proposed as sender domain authentication, these mechanisms cannot detect non-spoofing spam mails. To overcome this issue, this paper proposes a method to detect spam domains by supervised learning with features extracted from e-mail reception log and active DNS data, such as the result of Sender Authentication, the Sender IP address, the number of each DNS record, and so on. As a result of the experiment, our method can detect spam domains with 88.09% accuracy and 97.11% precision. We confirmed that our method can detect spam domains with detection accuracy 19.40% higher than the previous study by utilizing not only active DNS data but also e-mail reception log in combination.

URL: https://ieeexplore.ieee.org/document/8754369
DOI: 10.1109/COMPSAC.2019.00133
Citation Key: dan_spam_2019