Skip to Main Content
In recent years, spam mails intending for ``One-click fraud" or ``Phishing" have become increasing. As one anti-spam technology, DNSBL based on the URLs or their corresponding IP addresses in the messages is well used. However, some spam mails that cannot be filtered by conventional DNSBLs get appearing since the spammers create websites using various techniques such as botnet, fast-flux and Wildcard DNS record. To improve the accuracy of filtering spam mails using these techniques, we analyzed DNS record features corresponding to the domain name from the URLs in actual spam mails. According to the result of this analysis, we confirmed that abuse of Wildcard DNS record is one effective criterion for spam filtering.