Blacklisting of spam distribution servers is becoming less effective as a means of spam control as bot nets of suborned machines continue to grow. The lists get very large and are constantly changing as machines join and drop off bot nets, and, in the case of automated blacklisting, users of innocent machines often lose connectivity due to listing against false positives. New approaches are needed to contain this growing problem, and one such is the subject of an experiment by the Dept. of Computer Science and Engineering at the University of California, San Diego. The researchers noted that spam is merely a means to a commercial end (a "scam"), and there must therefore be a server to which responses are delivered (a scam host). They have developed a technique they call "Spamscatter" to identify and categorise these scam hosts, and their findings suggest that scam hosts have common characteristics that could make their blacklisting more effective than the current blacklisting of bot net drones.
- Spamscatter: Characterizing Internet Scam Hosting Infrastructure (PDF), University of California, San Diego, research paper