Computer Crime Research Center


What Is The Next Step In The War On Spam?

Date: December 09, 2008

We all know that spammers will do whatever it takes to find a way to send their advertisements and scams to potential victims. Spammers are circumventing the methods that services like Gmail, HotMail, and Yahoo! (NSDQ: YHOO) use to stop automated spam, to the point that even legitimate users of these services are unwitting victims of anti-spam measures.

Larry Seltzer at eWeek posted a blog entry, "Spammers Sidestep SMTP," about what happens when spammers start using free web-based mail systems like Gmail, HotMail, and Yahoo! to send spam. Seltzer suggests that new tests to check for "humanness," or perhaps a change in how email is sent and received, are potential solutions.

I got a call on Sunday from an InformationWeek visitor about a problem he is experiencing with forwarding spam email to [email protected], the Federal Trade Commission’s email account for reporting spam and phishing. Ironically, he was also blocked by TechWeb’s anti-spam gateway for a bad reputation, hence the phone call. I asked him to forward me the email to my web account and guess where it ended up? If you guessed my spam folder, you would be right.

There are a couple of things going on that make sending and receiving legitimate email bothersome. Public mail services like Gmail, Yahoo! and Hotmail filter outbound email for potential spam sent from bogus accounts. That is a reasonable and responsible action to take. But as we know with any anti-spam system, sometimes legitimate email gets caught in the mix, even email that is being sent to an authorized spam reporting drop box like [email protected].

Then there is the problem with reputation filtering. Based on the activity of your mail servers, or even your originating IP address, a mail server between you and your recipient can give a network or mail server a bad reputation based on the actions of spammers using the network you are on. This is reputation filtering. Reputation filtering is problematic simply because it’s easy to get on a bad reputation list, hard to get off the bad reputation list, and in many cases, the recipient doesn’t even know their mail server has a bad reputation until someone calls and complains, like my caller this weekend.

Maintainers of reputation lists do try to ensure the accuracy of their bad reputation lists, but still, some good apples get on there. Worse, some anti-spam gateways will flag an email as coming from a bad reputation source if the IP address is anywhere in the email header fields. Since spammers use zombies on broadband connections, you can bet that your broadband network is on a bad reputation list. If your ISP’s mail gateway records your IP address in an email header, you could be given a bad reputation.

Anti-spam gateways should have a configuration option to not check IP addresses in full headers for bad reputation. But it’s not always set correctly. If you receive email from the Internet, then full-header checking should be disabled.
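To make the difference concrete, here is an added example (not from the original article or any gateway product) that scores one message two ways: checking every IP address in the Received headers versus checking only the hop that connected to the gateway. The message, the addresses (documentation ranges), the reputation list and the function names are all constructed, and the topmost Received header is assumed to be the one the receiving gateway itself wrote.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: a broadband user (198.51.100.23) submits mail through
# the ISP relay (203.0.113.10), which delivers it to our gateway.
SAMPLE = """\
Received: from relay.isp.example (relay.isp.example [203.0.113.10])
\tby mx.corp.example with ESMTP; Tue, 09 Dec 2008 10:00:02 -0500
Received: from home-pc (cpe-23.isp.example [198.51.100.23])
\tby relay.isp.example with ESMTPA; Tue, 09 Dec 2008 10:00:01 -0500
From: user@isp.example
To: staff@corp.example
Subject: forwarded spam sample

body
"""

# Constructed stand-in for a reputation list that covers a broadband range.
BAD_REPUTATION = [ipaddress.ip_network("198.51.100.0/24")]
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(raw):
    """Return the bracketed IP of each Received header, newest hop first."""
    ips = []
    for header in message_from_string(raw).get_all("Received", []):
        m = IP_IN_BRACKETS.search(header)
        if m:
            try:
                ips.append(ipaddress.ip_address(m.group(1)))
            except ValueError:
                pass  # malformed address in a header; ignore it
    return ips

def verdict(raw, check_full_headers):
    """Score the message against the list using all hops or only the newest."""
    ips = received_ips(raw)
    candidates = ips if check_full_headers else ips[:1]
    hits = [str(ip) for ip in candidates if any(ip in n for n in BAD_REPUTATION)]
    return ("reject", hits) if hits else ("accept", [])

if __name__ == "__main__":
    print("full headers:", verdict(SAMPLE, check_full_headers=True))
    print("connecting hop only:", verdict(SAMPLE, check_full_headers=False))
```

With full-header checking the legitimate message is rejected because of the sender's own broadband address; with only the connecting hop checked, the ISP relay's reputation decides and the message is accepted.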