Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Out of office feature exploited by spammers.

McAfee : 26 February, 2008  (Technical Article)
Using the web based out of office messages, spam generators have found a way to get around spam filters.
Adding another trick to their toolkit, spammers are now abusing the 'out of office' feature of Web-based e-mail services to relay their junk messages into the inboxes of unsuspecting Internet users.

McAfee Avert Labs has recently seen several instances where spammers set up Web-based e-mail accounts and configure auto responders with spammy messages. The miscreants then sent e-mail with fake 'from' addresses--the spam targets--to their newly created Web-mail accounts. The 'from' addresses subsequently receive the spammy 'out of office' notices.

This may sound like a convoluted way to send spam, but spammers do it to trick spam filters. An automatic reply from a well-known Web-based e-mail service will look legitimate to many spam filtering tools. Unlike spam sent by botnets, the auto reply spam will have a legitimate sender and will be signed with the correct signatures used to sign e-mail messages, such as DKIM, DomainKey or Sender ID.

One spammer seen using this technique is advertising an adult Web site. The auto-responder spam does not look like a typical out of office reply. The message subject does always contain 'Re:' because that's added by the Web mail service, but the spammer controls the rest of the subject line and the message body text. In the examples McAfee Avert Labs has seen we could only determine that the mail is an auto responder by carefully looking at the e-mail headers.

'In recent weeks we have seen an increasing number of spam apparently sent by legitimate Web-based e-mail systems,' said Jeremy Gilliat, an Aylesbury, UK-based anti-spam engineer at McAfee. 'Interestingly we see spam from a number of accounts being abused in this way. I suspect the spammer has a program that automatically creates accounts and sets the responder text, all with no manual work required. This gives the spammer the capability to have lots of Web-mail accounts, all used to spam lots of people.'

The spam is being blocked by McAfee anti-spam products through a combination of header and message content checks.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo