This paper proposes a junk mail (spam) detection technique called ASCI (abnormal SMTP command identification), which allows network administrators to cut off some spam traffic during email delivery. Our insight is that spamware usually generates special or abnormal packets that deviate from the SMTP protocol in order to achieve high throughput, while legitimate users never do so. This characterization can be used to detect spam. ASCI is applied to two different volumes of email traffic data, captured respectively near an email gateway and at a country-edge core router of a large commercial Internet service provider in China. Experimental results indicate that the method is effective and practical, with at least an 11.4% reduction of email traffic from cutting off unwanted traffic.
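The idea of flagging clients whose command stream deviates from the SMTP dialogue can be sketched as follows. This is an added example, not the paper's ASCI implementation: the abstract does not list its rules, so the three checks, the `find_anomalies` name and the sample session are assumptions based on RFC 5321 command ordering and RFC 2920 pipelining.

```python
# Added illustration, not the paper's ASCI rule set: the three rules below
# (no-wait, unknown-verb, out-of-order) are assumptions chosen for this sketch.
KNOWN_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT",
               "VRFY", "EXPN", "HELP", "STARTTLS", "AUTH"}

def find_anomalies(events):
    """events: ordered (side, line) pairs; side is 'C' (client) or 'S' (server)."""
    anomalies = []
    greeted = have_mail = have_rcpt = pipelining_ok = in_data = False
    awaiting_reply = True  # a client must first wait for the 220 banner
    for side, line in events:
        if side == "S":
            if line.startswith("250") and "PIPELINING" in line.upper():
                pipelining_ok = True  # server advertised RFC 2920 pipelining
            if line.startswith("354"):
                in_data = True  # server accepted DATA; body lines follow
            if len(line) == 3 or line[3:4] == " ":  # last line of a reply
                awaiting_reply = False
            continue
        if in_data:  # message body: only the terminating dot matters
            if line == ".":
                in_data = have_mail = have_rcpt = False
                awaiting_reply = True
            continue
        verb = line.split(" ", 1)[0].upper()
        if awaiting_reply and not pipelining_ok:
            anomalies.append(("no-wait", line))  # sent without waiting for a reply
        if verb not in KNOWN_VERBS:
            anomalies.append(("unknown-verb", line))
        elif ((verb == "MAIL" and not greeted) or (verb == "RCPT" and not have_mail)
              or (verb == "DATA" and not have_rcpt)):
            anomalies.append(("out-of-order", line))
        # State is advanced optimistically; server reply codes are not checked.
        if verb in ("HELO", "EHLO"):
            greeted = True
        elif verb == "MAIL":
            have_mail = True
        elif verb == "RCPT":
            have_rcpt = True
        elif verb == "RSET":
            have_mail = have_rcpt = False
        awaiting_reply = True
    return anomalies

# Constructed sample session (not captured traffic).
SUSPECT = [("S", "220 mx.example.test ESMTP"), ("C", "MAIL FROM:<x@example.test>"),
           ("C", "RCPT TO:<y@example.test>"), ("S", "503 Bad sequence"),
           ("S", "503 Bad sequence"), ("C", "XBULK 1")]
```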