Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Out of office feature exploited by spammers.

McAfee : 26 February, 2008  (Technical Article)
Using the web based out of office messages, spam generators have found a way to get around spam filters.
Adding another trick to their toolkit, spammers are now abusing the 'out of office' feature of Web-based e-mail services to relay their junk messages into the inboxes of unsuspecting Internet users.

McAfee Avert Labs has recently seen several instances where spammers set up Web-based e-mail accounts and configure auto responders with spammy messages. The miscreants then sent e-mail with fake 'from' addresses--the spam targets--to their newly created Web-mail accounts. The 'from' addresses subsequently receive the spammy 'out of office' notices.

This may sound like a convoluted way to send spam, but spammers do it to trick spam filters. An automatic reply from a well-known Web-based e-mail service will look legitimate to many spam filtering tools. Unlike spam sent by botnets, the auto reply spam will have a legitimate sender and will be signed with the correct signatures used to sign e-mail messages, such as DKIM, DomainKey or Sender ID.

One spammer seen using this technique is advertising an adult Web site. The auto-responder spam does not look like a typical out of office reply. The message subject does always contain 'Re:' because that's added by the Web mail service, but the spammer controls the rest of the subject line and the message body text. In the examples McAfee Avert Labs has seen we could only determine that the mail is an auto responder by carefully looking at the e-mail headers.

'In recent weeks we have seen an increasing number of spam apparently sent by legitimate Web-based e-mail systems,' said Jeremy Gilliat, an Aylesbury, UK-based anti-spam engineer at McAfee. 'Interestingly we see spam from a number of accounts being abused in this way. I suspect the spammer has a program that automatically creates accounts and sets the responder text, all with no manual work required. This gives the spammer the capability to have lots of Web-mail accounts, all used to spam lots of people.'

The spam is being blocked by McAfee anti-spam products through a combination of header and message content checks.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo