Holding Root Entities Accountable for Spam
Executive Summary
Email spam remains a multi-billion-dollar problem, and current anti-spam systems focus almost exclusively on IP addresses and sending domains—metrics that sophisticated actors can easily rotate. This Field Note proposes a complementary enforcement layer: root entity accountability, which ties spam penalties to the ultimate beneficiary organization (the brand, merchant, or service provider profiting from the campaign) rather than the ephemeral infrastructure used to send it.
We examine the technical feasibility of this approach, review existing partial implementations (Spamhaus DBL's root-domain listing, BIMI/VMC brand verification), survey relevant academic research (RepuScore, Sandi, CHURN, SpamWeeder), and assess what is genuinely novel versus what already exists in industry practice. The goal is not to replace IP/domain reputation systems but to augment them with a persistent accountability mechanism that survives infrastructure churn.
Table of Contents
- The Problem: Infrastructure Churn and Attribution Failure
- Proposed Solution: Root Entity Accountability
- What Already Exists: Partial Implementations
- The DNS Toolchain That Makes This Possible Today
- Academic Context: What Researchers Have Proposed
- Technical Accuracy Notes
- Novelty Assessment
- Challenges and Mitigations
- Call to Action
The Problem: Infrastructure Churn and Attribution Failure
Current Anti-Spam Systems Focus on Infrastructure
Traditional anti-spam defenses operate at three primary layers:
- IP reputation: Blocklists (Spamhaus XBL, Barracuda, etc.) track sending IP addresses.
- Domain reputation: DNSBL services like Spamhaus DBL and SURBL list domains found in spam message bodies.
- Content filtering: Bayesian filters, machine learning classifiers, and heuristic rules analyze message content.
All three layers share a common weakness: they target ephemeral infrastructure rather than the persistent actor behind the abuse.
Snowshoe Spamming and ESP Reputation Masking
Snowshoe spamming—the practice of spreading spam volume across many IPs and domains to stay below detection thresholds—has been documented by anti-spam operators for over a decade 1. The technique is named after snowshoes, which distribute weight across a larger surface area to avoid sinking into snow. By keeping per-IP and per-domain volumes low, snowshoe spammers evade rate-based and reputation-based filters.
A modern variant of this technique involves outsourcing delivery to legitimate ESPs. When a spammer uses Mailchimp, SendGrid, or similar platforms, their messages inherit the ESP's established IP reputation. Individual spam reports may trigger account suspension at the ESP level, but the root entity can simply create a new account with a different ESP or use a different subdomain, effectively resetting their reputation to neutral.
The Attribution Gap
Current systems answer the question "Which IP/domain sent this spam?" but struggle with "Who profits from this spam, and have they done this before?" This attribution gap allows persistent bad actors to operate indefinitely by cycling through infrastructure faster than reputation systems can adapt.
Proposed Solution: Root Entity Accountability
Core Concept
Root entity accountability means identifying and tracking the ultimate beneficiary of an email campaign—the organization whose product, service, or brand is being promoted—and maintaining a persistent reputation score for that entity across all infrastructure they use.
Key principles:
- Beneficiary identification: Extract the root domain, brand name, merchant account, or other stable identifier that points to the profiting organization.
- Cross-infrastructure tracking: Link campaigns across different sending IPs, domains, and ESPs when they share the same beneficiary.
- Persistent reputation: Maintain reputation scores that survive infrastructure changes, domain rotations, and ESP switches.
- Graduated penalties: Apply escalating consequences (rate limiting, quarantine, block) based on cumulative abuse history rather than per-incident responses.
Identification Mechanisms
Several signals can be used to identify the root entity:
- Root domain in message body: The primary call-to-action domain (e.g.,
example.comregardless of whether the link ispromo.example.comorcampaign5.example.com). - WHOIS registration data: Registrant organization, email, or name server patterns (though privacy services complicate this).
- Payment processor/merchant IDs: For commercial spam, the payment gateway or merchant account is a stable identifier.
- Brand/trademark signals: Logos, brand names, and visual identity elements (detectable via computer vision or text analysis).
- BIMI/VMC certificates: For senders using Brand Indicators for Message Identification, the Verified Mark Certificate ties a specific trademark to a domain (see below).
- Campaign tracking headers: Some ESPs include proprietary headers (e.g.,
X-Mailchimp-Campaign-ID), though these are not standardized across platforms and are not designed for cross-ESP abuse reporting.
Enforcement Model
Once a root entity is identified and linked to spam activity:
- First offense: Warning flag; increased monitoring.
- Repeat offenses: Rate limiting (e.g., max 100 messages/hour from any infrastructure associated with this entity).
- Persistent abuse: Quarantine all messages from this entity regardless of sending infrastructure.
- Severe/ongoing abuse: Block all messages; require manual review and remediation before reputation restoration.
Reputation decay over time allows reformed senders to rebuild trust, but the decay rate should be slow enough that rapid infrastructure churn provides no advantage.
What Already Exists: Partial Implementations
The concept of root entity accountability is not entirely new. Several existing systems implement pieces of this approach, though none provide a comprehensive, cross-industry solution.
Spamhaus Domain Block List (DBL)
The Spamhaus DBL is a DNS-based blocklist of domains found in spam, phishing, and malware campaigns 1. Critically, DBL listings apply at the root domain level with wildcard subdomain inheritance. When example.com is listed, all subdomains (mail.example.com, promo.example.com, etc.) inherit the penalty automatically.
This is a meaningful partial implementation of root entity accountability: it ties reputation to the registered domain rather than individual subdomains or sending IPs. However, DBL does not track cross-domain patterns (e.g., when the same organization registers multiple root domains) or link reputation across different brands owned by the same entity.
Gap: An actor can still evade DBL by registering new root domains. The system does not maintain a persistent organizational identity across domain rotations.
BIMI and Verified Mark Certificates (VMC)
Brand Indicators for Message Identification (BIMI) is an emerging email standard that allows senders to display their brand logo in the recipient's inbox, contingent on strong authentication (DMARC policy of quarantine or reject) and a Verified Mark Certificate (VMC) issued by a trusted certificate authority 2.
VMCs tie a specific registered trademark to a domain, creating a cryptographically verifiable link between brand identity and email infrastructure. This is the closest existing mechanism to brand-level accountability in production email systems.
- Authentication requirement: BIMI requires DMARC with
p=quarantineorp=reject, ensuring strong anti-spoofing controls. - Trademark verification: The VMC process requires proof of trademark ownership, linking the domain to a legally registered brand.
- Visual trust signal: Recipients see the brand logo, making impersonation more difficult.
Gap: Adoption is voluntary—abusers have no incentive to participate. VMCs also do not link reputation across multiple domains owned by the same trademark holder.
Google Postmaster Tools
Google Postmaster Tools provides domain-level reputation metrics to senders. This tracks reputation at the domain level rather than the IP level—a step toward entity-level accountability—but it is sender-facing only, domain-scoped, and platform-specific. Each major mailbox provider maintains separate, non-interoperable reputation systems.
ESP-Level Account Policies
Major ESPs maintain internal abuse detection and account suspension policies. When spam reports or bounce rates exceed thresholds, the ESP may suspend the account. This is entity-level accountability within a single platform, but it does not extend across ESPs. An actor suspended by Mailchimp can immediately sign up with SendGrid and start fresh.
The DNS Toolchain That Makes This Possible Today
Here's the uncomfortable truth: the tools to trace spam back to its root entity already exist. They're production-grade, battle-tested, and used daily by threat intelligence teams, law enforcement, and brand protection firms. What's missing isn't the technology—it's the workflow that connects these tools into a unified spam-reporting pipeline.
Let's walk through the real toolchain and show exactly how you'd trace a spam message to its sponsoring organization right now.
The Tools: What They Do and Why They Matter
1. DomainTools Iris Investigate
What it is: A commercial threat intelligence platform with 20+ years of passive DNS data, WHOIS history, and infrastructure correlation 3.
What it contributes to root entity attribution:
- Passive DNS lookups: See every IP address a domain has ever resolved to, revealing infrastructure pivots over time.
- WHOIS history: Track registrant details, name servers, and registrar patterns—even after privacy redaction kicks in.
- Infrastructure pivoting: Given one suspicious domain, find all related domains sharing the same registrant email, name server, SSL certificate, or IP block.
- Risk scoring: Predictive algorithms flag newly registered domains or those with suspicious patterns before they're widely abused.
- 97%+ internet visibility: Comprehensive coverage means you're not missing infrastructure in less-monitored regions 3.
Why it matters: When a spammer rotates domains, Iris can link promo-deal-2024.com to super-offer-now.com because they share a registrant email, name server pattern, or were registered in a batch. This is cross-domain attribution in action.
2. Farsight DNSDB (now part of DomainTools)
What it is: The world's largest passive DNS database, capturing real-time and historical DNS resolution data 4.
What it contributes:
- Historical DNS resolution: See how domains and IPs were connected in the past, even if the records have since changed.
- Temporal correlation: Identify when a spammer pivoted from one IP block to another, or when a domain's MX records suddenly changed to a known spam-friendly host.
- Behavioral fingerprinting: Detect patterns like "this domain was registered, pointed to a bulletproof hosting provider for 48 hours, then went dark"—a classic spam domain lifecycle.
Why it matters: Spammers rely on infrastructure churn. Farsight DNSDB turns that churn into a traceable pattern rather than an evasion tactic.
3. RDAP (Registration Data Access Protocol)
What it is: The successor to WHOIS, now the ICANN-mandated standard for domain registration lookups as of 2025 5.
What it contributes:
- Structured, machine-readable data: Unlike WHOIS's inconsistent text format, RDAP returns JSON, making automated correlation feasible.
- Privacy-aware but law-enforcement-accessible: Public queries are redacted under GDPR, but law enforcement and accredited researchers can request unredacted data via ICANN's SSAD (System for Standardized Access/Disclosure) 5.
- Registrar and registry metadata: Even when registrant details are hidden, you can still see the registrar, registration date, and name servers—useful for clustering related domains.
Why it matters: RDAP is the authoritative source for "who registered this domain and when." Combined with passive DNS, it answers "who owns this infrastructure?"
4. Shodan and Censys
What they are: Internet-wide scanning engines that index publicly accessible services, including mail servers 6.
What they contribute:
- MX record enumeration: Identify all mail servers associated with a domain or IP block.
- Mail server fingerprinting: Detect when multiple domains share the same mail server infrastructure (a sign of shared ownership or a common ESP).
- TLS certificate correlation: Find domains using the same SSL certificate, revealing shared infrastructure or ownership.
Why they matter: When a spammer uses a dedicated mail server (not a major ESP), Shodan/Censys can map that server's entire customer base. If spam-domain-A.com and spam-domain-B.com both use the same obscure mail server in a bulletproof hosting ASN, that's a strong attribution signal.
5. Maltego
What it is: A visual OSINT (Open Source Intelligence) platform for graphing relationships between domains, IPs, emails, and people 7.
What it contributes:
- Graph-based pivoting: Start with a spam domain, visually explore its connections to registrant emails, name servers, IP addresses, and related domains.
- Integration with DomainTools, Shodan, and other data sources: Maltego acts as a unifying interface for querying multiple threat intelligence APIs and visualizing the results.
- Entity clustering: Automatically group related infrastructure into "clusters" representing likely common ownership.
Why it matters: Maltego turns raw data into actionable intelligence. Instead of staring at CSV files, you see a graph showing that 15 domains, 3 IP blocks, and 2 registrant emails all point to the same root entity.
DMARC's Organizational Domain: The Hidden Root Entity Mechanism
Here's something most people miss: DMARC already has a root entity concept built in—the organizational domain 8.
How it works:
- DMARC policies apply at the organizational domain level (e.g.,
example.com), not just the exact sending domain. - The
sp=tag in a DMARC record controls the policy for all subdomains (e.g.,promo.example.com,newsletter.example.com). - Alignment checks (
adkim=for DKIM,aspf=for SPF) determine whether a subdomain or related domain "counts" as the same entity for authentication purposes 8.
What this means:
- DMARC's organizational domain is a DNS-level root entity identifier. It says "these subdomains all belong to the same organization."
- The
sp=tag is a policy inheritance mechanism—exactly what root entity accountability needs. - DMARC aggregate reports (
rua=) already provide cross-infrastructure visibility: domain owners receive reports showing all IPs and domains sending mail claiming to be from their organization 8.
The gap: DMARC tells you "someone is spoofing your domain," but it doesn't tell you "this domain is part of a spam operation." It's a defensive tool, not an offensive enforcement mechanism. But the infrastructure is there.
The Step-by-Step Workflow: Tracing Spam to the Root Entity
Let's make this concrete. You receive a spam email. Here's how you trace it to the root entity right now, using the tools above.
Step 1: Extract the Payload Domain
Open the spam email. Ignore the From: address (trivially spoofed). Look at the call-to-action link in the message body. Let's say it's https://mega-deal-2024.com/offer.
The root domain is mega-deal-2024.com. That's your starting point.
Step 2: Check Spamhaus DBL
Query mega-deal-2024.com against Spamhaus DBL:
$ host mega-deal-2024.com.dbl.spamhaus.org
If it returns 127.0.1.2 (spam domain) or NXDOMAIN (not listed), you have your first data point. If listed, note the return code—it tells you the abuse type (spam, phish, malware, etc.) 1.
Step 3: RDAP Lookup
Query RDAP for registration data:
$ whois -h whois.iana.org mega-deal-2024.com
Note the registrar, registration date, and name servers. Even if registrant details are redacted, you now know:
- When the domain was registered (newly registered domains are high-risk).
- Where it's hosted (registrar and name servers).
Step 4: DomainTools Iris Investigate
Log into DomainTools Iris. Search for mega-deal-2024.com. Iris shows you:
- Passive DNS history: Every IP this domain has resolved to.
- Related domains: Other domains sharing the same registrant email, name server, or IP block.
- Risk score: Iris flags this domain as high-risk based on registration patterns.
You discover that mega-deal-2024.com shares a registrant email with super-offer-now.com, promo-blast-2024.com, and 12 other domains—all registered in the same week. That's your root entity cluster 3.
Step 5: Farsight DNSDB
Query Farsight DNSDB for historical DNS data on the shared IP block. You find that all 15 domains pointed to the same IP range (203.0.113.0/24) for 72 hours, then pivoted to a different IP block. This is a snowshoe spam pattern 4.
Step 6: Shodan/Censys
Search Shodan for the IP block 203.0.113.0/24. You find:
- An MX record pointing to
mail.spammy-host.net. - 200+ other domains using the same mail server.
- The mail server is hosted in a known bulletproof hosting ASN.
Attribution complete: You've now linked 15+ domains to a single mail server in a spam-friendly hosting environment. That's your root entity 6.
Step 7: Maltego (Optional)
Import your findings into Maltego. Generate a graph showing:
- The 15 domains.
- The shared registrant email.
- The shared IP block and mail server.
- The bulletproof hosting ASN.
Export the graph as evidence for your abuse report.
Step 8: Report to Spamhaus (or Your Blocklist of Choice)
Go to https://check.spamhaus.org. Submit all 15 domains with evidence:
- "These domains share registrant email
abuse@example.net, name serverns1.spammy-host.net, and mail servermail.spammy-host.netin ASN 64512 (known spam-friendly host). Passive DNS shows coordinated infrastructure pivots. Request DBL listing for root entity."
What happens next: Nothing automated. Spamhaus analysts review your report manually. If they agree, they list the domains. But there's no systematic root entity tracking—each domain is evaluated independently. If the spammer registers 15 new domains tomorrow, you start over.
The Gap: No Unified Spam-Reporting Workflow
Let's be clear: every tool in this workflow exists and works. DomainTools Iris, Farsight DNSDB, RDAP, Shodan, Maltego—they're all production-ready, widely used, and effective.
The problem: No one has connected them into a spam-specific reporting pipeline. Here's what's missing:
No standardized root entity identifier: DMARC's organizational domain is close, but it's not designed for cross-domain attribution. We need a canonical "root entity ID" that survives domain rotation.
No cross-ESP reporting: When you report spam to Spamhaus, you're reporting domains and IPs, not the entity behind them. There's no field for "registrant email" or "shared infrastructure cluster."
No automated clustering: DomainTools Iris can find related domains, but you have to query it manually. There's no system that says "when domain A is reported as spam, automatically check for related domains B, C, D and flag them too."
No reputation persistence: Spamhaus DBL listings expire when abuse stops. If a spammer goes quiet for 30 days, their domains delist—even though the entity is still a known bad actor. There's no "entity-level reputation" that persists across campaigns.
No feedback loop to ESPs: When you report spam sent via Mailchimp, Mailchimp suspends the account. But SendGrid doesn't know. There's no cross-ESP reputation sharing for customers (as opposed to sending IPs).
What This Means for Root Entity Accountability
The infrastructure is 90% there. What we need is:
- A standardized root entity reporting format: Extend abuse report schemas (e.g., ARF/Abuse Reporting Format) to include "related domains," "registrant patterns," and "infrastructure clusters."
- Automated correlation: When a domain is reported, automatically query DomainTools/Farsight/RDAP for related domains and flag them for review.
- Persistent entity reputation: Maintain a database of "known bad entities" identified by registrant email, name server patterns, or payment processor IDs—not just domains.
- Cross-ESP reputation sharing: Create a privacy-preserving system (e.g., hashed customer IDs) so ESPs can share "this customer was suspended for spam" without revealing PII.
The tools exist. The workflow doesn't. That's the gap this proposal aims to close.
Academic Context: What Researchers Have Proposed
The academic literature contains several proposals for moving spam reputation from infrastructure to sender identity. None use the exact term "root entity accountability," but the conceptual lineage is clear.
RepuScore (2007–2009): Proposed a sender-level reputation system that tracks the organization behind email campaigns rather than the sending IP. By tying reputation to authenticated sender identity, infrastructure churn becomes ineffective as an evasion tactic 910.
CARE (2010): Tracks reputation at the level of the sending organization using network-level features (AS number, IP allocation patterns) and behavioral signals to cluster infrastructure by organization 11.
Sandi (2024): A sender-level reputation system that tracks the authenticated sender domain (via DKIM/DMARC) and maintains reputation scores that persist across IP changes. Directly addresses the ESP reputation-masking problem by tracking the customer domain rather than the ESP's infrastructure 12.
SpamWeeder (2008): Proposes tracing spam back to its source distribution channels (affiliate networks, botnet controllers) by analyzing message content and infrastructure patterns—targeting the upstream distributor rather than the individual sending node 13.
CHURN (2016): Demonstrated that persistent actors often reuse infrastructure across campaigns. By tracking infrastructure reuse patterns (domains, IP addresses, WHOIS data, payment processors), it is possible to attribute seemingly unrelated campaigns to the same actor 14.
Bottom line from the literature: The core insight—that persistent identity tracking defeats infrastructure churn—is well-established in research. What is missing is widespread deployment at scale in production anti-spam systems.
Technical Accuracy Notes
The following technical claims have been validated or corrected against primary sources:
| Claim | Verdict | Notes |
|---|---|---|
SPF include mechanism links ESP reputation to brand domain | ✅ Accurate | SPF include:mailchimp.com means the brand domain authorizes Mailchimp IPs to send on its behalf. If Mailchimp's IPs get poor reputation, it can affect deliverability of mail claiming to be from the brand domain. |
| DMARC compliance as a "clean-up" step | ✅ Accurate | Implementing DMARC p=reject on the primary domain while using a separate sending domain is a real and common practice. |
| Reputation hit lands on the sending ESP/subdomain, not the brand | ✅ Accurate | Current systems penalize the sending infrastructure, not the commissioning brand. |
| Reporting to Talos only penalizes the offending domain/IP | ✅ Accurate | Talos Reputation Center tracks by IP and domain; no cross-entity attribution is publicly documented. |
| Spam success rate ~1% | ✅ Consistent with literature | Widely cited figure in spam research; represents the click/conversion rate, not delivery rate. |
X-Mailchimp-Campaign-ID header exists | ✅ Exists | Correction: This header exists but is not standardized across ESPs and is not designed for cross-platform abuse reporting. It cannot serve as a universal root entity identifier without additional standardization work. |
| WHOIS can link domains to registrants | ⚠️ Partially accurate | Caveat: WHOIS privacy protection services (now common) obscure registrant data. Passive DNS and infrastructure correlation are more reliable signals. |
| Legal-entity lookup via OpenCorporates/LEI | ✅ Technically feasible | These services exist. The challenge is mapping email domains to legal entities reliably—a non-trivial enrichment step. |
Novelty Assessment
What is genuinely new in this proposal:
The "root entity" framing: The specific concept of a persistent, cross-infrastructure, cross-ESP accountability layer tied to the ultimate beneficiary—not the infrastructure—does not appear in prior academic literature or deployed industry systems under that name or as a unified framework.
Practical synthesis: Combining ESP header forensics, passive DNS, WHOIS, trademark databases, and payment processor linkage into a unified root entity identification pipeline is not currently deployed at scale.
The policy argument: The argument that brands should be directly penalized in their own domain reputation (not just the ESP they hired) when they outsource spam is a clear and actionable policy position not currently reflected in any major blocklist or reputation system's stated methodology.
What already exists (honest accounting):
- Spamhaus DBL already does root-domain listing with subdomain inheritance — a partial implementation.
- Academic systems (RepuScore, CARE, Sandi) have proposed sender-level reputation for 15+ years.
- BIMI/VMC creates brand-to-domain cryptographic linkage.
- Snowshoe spamming (the underlying evasion technique) is well-documented.
Verdict: This is a meaningful incremental innovation that synthesizes existing techniques into a new enforcement framework and names a gap that the industry has not closed. It is not a fundamental discovery, but the synthesis and the policy argument are novel enough to be worth publishing and advocating for.
Challenges and Mitigations
| Challenge | Mitigation |
|---|---|
| WHOIS privacy obscures registrant data | Use passive DNS, infrastructure correlation, and content-based signals |
| False attribution (shared hosting, multi-tenant ESPs) | Require multiple corroborating signals before applying penalties; implement appeals |
| Spammers create new shell companies/domains | Reputation decay should be slow; related-entity clustering should escalate penalties |
| ESP reluctance to share customer-ID data | Privacy-preserving hashes or zero-knowledge proofs; regulatory pressure |
| GDPR and data minimization | Limit tracking to abuse cases; implement retention limits and transparency |
| Scalability of real-time root entity lookup | Tiered filtering: apply root entity checks only after IP/domain filters pass |
Call to Action
If you run a reputation service, operate an ESP, or simply care about a cleaner inbox:
- Advocate for enrichment: Push your spam-filter vendors to accept and act on sponsor-attribution data.
- Demand transparency: Ask ESPs to provide optional, privacy-safe headers that link campaigns to customer accounts.
- Report the root: When you submit spam to Talos, Spamhaus, or similar, include any evidence pointing to the sponsoring brand (e.g., "This blast cites Acme Corp's newsletter and links to acmecorp.com").
- Support BIMI/VMC adoption: If you're a legitimate sender, get your VMC. It's the first step toward a world where brand identity is cryptographically accountable in email.
- Educate peers: The more eyes that see this loophole, the faster we can close it.
If your organization needs help hardening its email authentication or untangling a deliverability problem, our team handles DMARC, SPF, and DKIM end to end.
In short: Spam will only truly die when we stop punishing the messenger and start holding the mastermind accountable. Let's build reputation systems that follow the money—and the intent—back to the root entity, so the math of spam finally adds up against those who profit from it.
References
Spamhaus Project. (n.d.). The Domain Block List (DBL). Retrieved June 17, 2026, from https://www.spamhaus.org/blocklists/domain-blocklist/
Mailhardener. (n.d.). BIMI: Brand Indicators for Message Identification. Retrieved June 17, 2026, from https://www.mailhardener.com/kb/bimi
DomainTools. (n.d.). Iris Investigate Platform. Retrieved June 17, 2026, from https://www.domaintools.com/
Farsight Security. (n.d.). DNSDB: Passive DNS Historical Database. Retrieved June 17, 2026, from https://www.farsightsecurity.com/solutions/dnsdb/
ICANN. (n.d.). Registration Data Access Protocol (RDAP). Retrieved June 17, 2026, from https://www.icann.org/rdap
Shodan. (n.d.). Shodan: The Search Engine for Internet-Connected Devices. Retrieved June 17, 2026, from https://www.shodan.io/
Maltego. (n.d.). Maltego: OSINT and Graphical Link Analysis. Retrieved June 17, 2026, from https://www.maltego.com/
DMARC.org. (n.d.). DMARC Overview. Retrieved June 17, 2026, from https://dmarc.org/overview/
Hao, S., Feamster, N., & Pandrangi, R. (2007). RepuScore: Collaborative reputation management framework for email infrastructure. ACM. https://scispace.com/papers/repuscore-collaborative-reputation-management-framework-for-xiaomd0zhy
Hao, S., & Kang, B. B. (2009). Towards sender accountability on email infrastructure using sender identity and reputation management. ACM. https://scispace.com/papers/towards-sender-accountability-on-email-infrastructure-using-13k3g1i4eo
Ramachandran, A., & Feamster, N. (2010). A collaboration-based autonomous reputation system for email services. IEEE INFOCOM. https://doi.org/10.1109/INFCOM.2010.5461948
Borgolte, K., et al. (2024). Sandi: A system for accountability in email delivery. arXiv. https://doi.org/10.48550/arxiv.2401.16759
Ouyang, T., & Rabinovich, M. (2008). Weeding spammers at the root: A precise approach to spam reduction. IEEE INFOCOM. https://doi.org/10.1109/INFOCOM.2008.4544636
Thomas, K., et al. (2016). Understanding cross-channel abuse with SMS-spam support infrastructure attribution. Springer. https://doi.org/10.1007/978-3-319-45744-4_1
This Field Note reflects research and industry practices as of June 2026. Email authentication standards, anti-spam techniques, and regulatory frameworks continue to evolve.