Spam Analysis and Reputation Project

1. Server Based Approach: Email Source Analysis

Design of server based approach and email source analysis module can be represented as follows:

As shown in figure 1.1, whenever a new email is received, the parser passes the message_id of the received message to Email Source Analysis module using a controller. Using that message_id, the sender's address of the message that is stored by the parser is extracted from the database. Friend list consists of all the addresses to which the mails have been sent from the mail server. This module queries the database in which the friend list is populated from the IMAP sent folder and compares the sender's address with all the entries in the friend list. If a match is found, the sender is classified as a friend of the server, otherwise non-friend. Corresponding results are stored in the database that can be used for further analysis.

Implementation

1. 'TO' is the table that stores the receiver's information retrieved form the message header. It is populated by the parser.

2. 'FROM' is the table that stores the sender's information retrieved form the message header. It is populated by the parser.

3. 'FRIEND_LIST' is the table that stores the addresses to which a mail has been sent and its corresponding server from which the mail has been sent. It will be populated using IMAP retrieval at regular intervals.

4. 'FRIEND_RESULT' is the table where the results obtained from this test are stored. It contains information about each received mail regarding whether it is from a known sender or not.