IoTD: An approach to identify E-mails sent by IoT devices

Abstract

As the number of low-cost Internet-of-Things (IoT) devices increases dramatically in recent years, they have become ideal targets for E-mail spammers. Some network cameras are shipped to the market with default passwords. Operating systems of many IoT devices are often outdated or not well-configured. Those practices make IoT devices easy to be compromised. Some of these compromised IoT devices may be used for E-mail spamming. Hence, how to handle undesired connections from client IoT devices becomes an important issue for mail server administrators. Even though the whitelist or blacklist are adopted by a mail server only allowing to receive E-mails relayed from few trusted SMTP servers, such list-based approach apparently cannot be applied for global SMTP clients when considering to the flexibility and cost of list maintenance. For most mail servers providing SMTP for desktop, laptop, or mobile clients rather than IoT devices, this paper proposes a server-side approach, called IoT detector (IoTD), to detect E-mails which are sent from IoT devices. Because the majority of IoT devices are not used by human users to send E-mail, administrators of mail servers may consider the E-mail sent by an IoT device as spam directly if IoT clients are not expected. Experimental results show that IoTD can accurately detect E-mails sent by IoT devices. The accuracy evaluation among five IoT devices and two non-IoT devices of this study shows that all tests for these five IoT devices are true positives, and all tests for these two non-IoT devices are true negatives as well.