A pair of Georgia Tech researchers suggested this week that internet service providers (ISPs) might be able to fight junk email more efficiently at the network level rather than using message content filters.

"Content filters are fighting a losing battle because it's easier for spammers to simply change their content than for us to build spam filters.," said Nick Feamster, a Georgia Tech assistant professor of computing. "We need another set of properties, not based on content. So what about network-level properties? It's harder for spammers to change network-level properties."

Feamster and his doctorate student Anirudh Ramachandran spent 18 months studying internet routing and spam data in order to understand what the best network-level properties could be used to develop a spam filter design. During this time they collected a database of more than ten million spam e-mails to learn how these messages are being routed.

Feamster said that they were able to establish some key findings from the data. First among these is the fact that internet routes are frequently hijacked by spammers. Feamster and Ramachandran said they were able to identify many narrow ranges within internet protocol (IP) address spaces that are generating spam, as well as the ISPs from which the spam is coming.

"We know route hijacking is occurring," Feamster said. "It's being done by a small, but fairly persistent and sophisticated group of spammers, who cannot be traced using conventional methods."

Feamster said he belives that improvement in the security of internet routing protocols could help stem the spam flooding the modern inbox. He said he and BLANK continue to work on a collaborative, network-level filtering system that could work for ISP operators.

In the meantime Feamster and Ramachandran will present their findings on Thursday at the Association for Computing Machinery's annual flagship conference of its Special Interest Group on Data Communication (SIGCOMM).