Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection

Giovane Moreira Moura, Anna Sperotto, R. Sadre, Aiko Pras

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    12 Citations (Scopus)
    87 Downloads (Pure)


    The distribution of malicious hosts over the IP address space is far from being uniform. In fact, malicious hosts tend to be concentrate in certain portions of the IP address space, forming the so-called Bad Neighborhoods. This phenomenon has been previously exploited to filter Spam by means of Bad Neighborhood blacklists. In this paper, we evaluate how much a network administrator can rely upon different Bad Neighborhood blacklists generated by third-party sources to fight Spam. One could expect that Bad Neighborhood blacklists generated from different sources contain, to a varying degree, disjoint sets of entries. Therefore, we investigate (i) how specific a blacklist is to its source, and (ii) whether different blacklists can be interchangeably used to protect a target from Spam. We analyze five Bad Neighborhood blacklists generated from real-world measurements and study their effectiveness in protecting three production mail servers from Spam. Our findings lead to several operational considerations on how a network administrator could best benefit from Bad Neighborhood-based Spam filtering.
    Original languageUndefined
    Title of host publicationProceedings of IFIP/IEEE International Symposium on Integrated Network Management 2013
    EditorsC. Seon Hong, Y. Diao, F. De Turk
    Place of PublicationUSA
    Number of pages8
    ISBN (Print)978-1-4673-5229-1
    Publication statusPublished - May 2013
    Event13th IFIP/IEEE International Symposium on Integrated Network Management, IM 2013 - Ghent, Belgium
    Duration: 27 May 201331 May 2013
    Conference number: 13

    Publication series

    PublisherIEEE Communications Society


    Conference13th IFIP/IEEE International Symposium on Integrated Network Management, IM 2013
    Abbreviated titleIM 2013
    Internet address


    • EWI-22957
    • IR-84179
    • METIS-296249

    Cite this