Early detection of outgoing spammers in large-scale service provider networks

Yehonatan Cohen, Daniel Gordon, Danny Hendler

Research output: Contribution to journalConference articlepeer-review

7 Scopus citations


We present ErDOS, an Early Detection scheme for Outgoing Spam. The detection approach implemented by ErDOS combines content-based detection and features based on inter-account communication patterns. We define new account features, based on the ratio between the numbers of sent and received emails and on the distribution of emails received from different accounts. Our empirical evaluation of ErDOS is based on a real-life data-set collected by an email service provider, much larger than data-sets previously used for outgoing-spam detection research. It establishes that ErDOS is able to provide early detection for a significant fraction of the spammers population, that is, it identifies these accounts as spammers before they are detected as such by a content-based detector. Moreover, ErDOS only requires a single day of training data for providing a high-quality list of suspect accounts.


  • classification
  • early detection
  • email service provider (ESP)
  • spam

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)


Dive into the research topics of 'Early detection of outgoing spammers in large-scale service provider networks'. Together they form a unique fingerprint.

Cite this