26 Feb 2008
Spammers are increasingly using 'out of office' features in web-based email to relay junk messages, security experts warned today.
McAfee Avert Labs reported several instances where spammers set up web-based email accounts and configured auto responders with spam messages.
The scammers then send email with fake 'from' addresses to their newly created web mail accounts. The 'from' addresses subsequently receive the spam 'out of office' notices.
McAfee noted that, while this may sound like a convoluted way to send spam, it allows the fraudsters to trick spam filters.
An automatic reply from a well-known web-based email service will look legitimate to many spam filtering tools.
In addition, unlike spam sent by botnets, the auto-reply spam will have a legitimate sender and will carry the correct signatures used to authenticate email messages, such as DKIM or Sender ID.
The auto-responder spam does not look like a typical out of office reply. The message subject always contains 'Re:' because it is added by the web mail service, but the spammer controls the rest of the subject line and the message body text.
"In recent weeks we have seen an increasing amount of spam apparently sent by legitimate web-based email systems," said Jeremy Gilliat, an anti-spam engineer at McAfee.
"I suspect the spammer has a program that automatically creates accounts and sets the responder text, all with no manual work required. This gives the spammer lots of web-mail accounts, all used to spam lots of people."
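A recipient-side check for the pattern described above, as an added example that is not from the original article: an authenticated "reply" is only expected if it references a message the recipient's own system actually sent. The headers used (`Auto-Submitted`, `In-Reply-To`, `References`, `Authentication-Results`) are standard mail headers the article does not mention; the outbound Message-ID store `SENT_IDS`, the function name and the sample messages are constructed assumptions.

```python
import email
from email import policy

# Constructed: Message-IDs our own mail server logged for outbound mail.
SENT_IDS = {"<out-1001@example.org>"}

# Constructed sample: auto-reply triggered by a forged message, passes DKIM.
AUTO_REPLY_SPAM = """\
From: someone@webmail.example
To: victim@example.org
Subject: Re: limited offer
Authentication-Results: mx.example.org; dkim=pass header.d=webmail.example
Auto-Submitted: auto-replied
In-Reply-To: <forged-77@spammer.example>

Text chosen by the account owner.
"""

# Constructed sample: genuine out-of-office reply to mail we did send.
GENUINE_REPLY = """\
From: colleague@webmail.example
To: victim@example.org
Subject: Re: meeting notes
Authentication-Results: mx.example.org; dkim=pass header.d=webmail.example
Auto-Submitted: auto-replied
In-Reply-To: <out-1001@example.org>

I am out of the office until Monday.
"""

NEW_MESSAGE = "From: a@webmail.example\nSubject: Hello\n\nHi there.\n"

def classify_reply(raw, sent_ids):
    """Return (verdict, dkim_passed) for one raw inbound message."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", "")).strip().lower()
    auto = str(msg.get("Auto-Submitted", "no")).strip().lower()
    refs = f'{msg.get("In-Reply-To", "")} {msg.get("References", "")}'.split()
    # Simplified: trust only an Authentication-Results header added by our own MTA.
    dkim_passed = "dkim=pass" in str(msg.get("Authentication-Results", "")).lower()
    if not (subject.startswith("re:") or auto.startswith("auto-replied") or refs):
        return ("not-a-reply", dkim_passed)
    if any(ref in sent_ids for ref in refs):
        return ("expected-reply", dkim_passed)
    # Looks like a reply, but answers nothing we sent: treat as backscatter.
    return ("unsolicited-reply", dkim_passed)
```

Both sample replies pass DKIM, so the authentication result alone cannot separate them; only the lookup against outbound Message-IDs does.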
Spam Filters don't work
As long as the Large Anti-Spam companies continue to use Filtering, and Statistical scoring to determine their spam, the Spammers will continue to find ways to work around them. The solution is simple. Stop using Anti-Spam products that use statistical or keyword filtering, and while you're at it, stop using RBLs, since they are based on Statistics and negative reputation. Start looking at companies like Habeas, BoxSentry, Eleven, and others that use Positive reputation and in the case of BoxSentry, do not use Filtering or RBLs...
Posted by: Bill Pascuzzi 29 Feb 2008