A new trick from spammers uses accounts created on webmail services, with auto-responder messages configured, to get junk mailings into people’s inboxes.
In the category of “spammers we’d like to see caned downtown and webcast on streaming video,” we learned about the latest little “advance” in spamming. It involves web-based email accounts set up on those free services, and a little sleight of hand.
Security vendor McAfee described how spammers utilize those services as they seek ways to evade security measures used to combat spam. First, the spammer sets up a web-based email account at a normally-trusted provider.
Then, they turn on the out-of-office feature and place their spam in the auto-response message field. To get the auto-response spam to recipients, the spammers send the webmail account messages whose sender addresses are faked to look like they come from the intended recipients.
The auto-responder dutifully replies with its out-of-office message to these “senders.” A McAfee spokesperson noted that since the replies come from a legitimate sender, with various safe signatures like DKIM, DomainKeys or Sender ID in place, they may breeze past typical spam filtering technology.
“I suspect the spammer has a program that automatically creates accounts and sets the responder text, all with no manual work required,” Jeremy Gilliat, an Aylesbury, England-based antispam engineer at McAfee, said in an email. “This gives the spammer the capability to have lots of Web-mail accounts, all used to spam lots of people.”
As McAfee detects and blocks these spams by checking header and message content, we expect other vendors to follow suit, if their products weren’t already stopping these auto-response spams from arriving.
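One way a receiving site could check header and message content for this pattern, as an added example that is not McAfee's method or code from the original article: it flags automatic replies (the RFC 3834 `Auto-Submitted` header, plus the common non-standard `Precedence: auto_reply` and `X-Autoreply`) that answer a message the site never sent and that carry a link. The sample messages, the `.example` addresses and the `SENT_IDS` outbound Message-ID log are constructed assumptions.

```python
import re
from email import message_from_string

URL_RE = re.compile(r"https?://\S+", re.I)
MSGID_RE = re.compile(r"<[^<>\s]+>")

def is_auto_reply(msg):
    """True if headers mark the message as an automatic response."""
    auto = (msg.get("Auto-Submitted") or "").strip().lower()   # RFC 3834
    if auto and auto != "no":
        return True
    prec = (msg.get("Precedence") or "").strip().lower()       # common, non-standard
    return prec == "auto_reply" or msg.get("X-Autoreply") is not None

def is_solicited(msg, sent_ids):
    """True if the reply references a Message-ID this site really sent."""
    refs = " ".join(filter(None, (msg.get("In-Reply-To"), msg.get("References"))))
    return any(mid in sent_ids for mid in MSGID_RE.findall(refs))

def body_text(msg):
    """Concatenate the decoded text parts of the message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def classify(raw, sent_ids):
    msg = message_from_string(raw)
    if not is_auto_reply(msg):
        return "not-auto-reply"
    if is_solicited(msg, sent_ids):
        return "legitimate-auto-reply"
    # An auto-reply to mail we never sent means our address was forged as sender.
    return "suspect-spam" if URL_RE.search(body_text(msg)) else "unsolicited-auto-reply"

# Constructed samples; SENT_IDS stands in for the site's outbound Message-ID log (assumed).
SENT_IDS = {"<a1@corp.example>"}
GENUINE = ("From: colleague@webmail.example\nTo: alice@corp.example\n"
           "Auto-Submitted: auto-replied\nIn-Reply-To: <a1@corp.example>\n\n"
           "I am out of the office until Monday.\n")
SPAM = ("From: promo@webmail.example\nTo: alice@corp.example\n"
        "Authentication-Results: mx.corp.example; dkim=pass header.d=webmail.example\n"
        "Auto-Submitted: auto-replied\nIn-Reply-To: <forged-77@corp.example>\n\n"
        "Out of office. Meanwhile see http://offers.example/deal\n")

if __name__ == "__main__":
    print(classify(GENUINE, SENT_IDS), classify(SPAM, SENT_IDS))
```

The constructed spam sample passes DKIM yet is still flagged, because the verdict rests on the reply being unsolicited rather than on the sender's authentication result.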