Home > Publications
Home University of Twente
Prospective Students
Intranet (internal)

EEMCS EPrints Service

22957 Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection
Home Policy Brochure Browse Search User Area Contact Help

Moreira Moura, G.C. and Sperotto, A. and Sadre, R. and Pras, A. (2013) Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection. In: Proceedings of IFIP/IEEE International Symposium on Integrated Network Management 2013, 27-31 May 2013, Ghent, Belgium. pp. 252-259. IEEE Communications Society. ISBN 978-1-4673-5229-1

Full text available as:


294 Kb
Open Access

Official URL:

Exported to Metis


The distribution of malicious hosts over the IP address space is far from being uniform. In fact, malicious hosts tend to be concentrate in certain portions of the IP address space, forming the so-called Bad Neighborhoods. This phenomenon has been previously exploited to filter Spam by means of Bad Neighborhood blacklists. In this paper, we evaluate how much a network administrator can rely upon different Bad Neighborhood blacklists generated by third-party sources to fight Spam.

One could expect that Bad Neighborhood blacklists generated from different sources contain, to a varying degree, disjoint sets of entries. Therefore, we investigate (i) how specific a blacklist is to its source, and (ii) whether different blacklists can be interchangeably used to protect a target from Spam. We analyze five Bad Neighborhood blacklists generated from real-world measurements and study their effectiveness in protecting three production mail servers from Spam. Our findings lead to several operational considerations on how a network administrator could best benefit from Bad Neighborhood-based Spam filtering.

Item Type:Conference or Workshop Paper (Full Paper, Talk)
Research Group:EWI-DACS: Design and Analysis of Communication Systems
Research Program:CTIT-DSN: Dependable Systems and Networks
ID Code:22957
Deposited On:06 February 2013
More Information:statisticsmetis

Export this item as:

To correct this item please ask your editor

Repository Staff Only: edit this item