These anti-spam tactics include:
- Stricter implementation of filtering policies by service providers,
- Greater adoption by service providers and enterprises of authentication standards such as DKIM and SPF,
- More widespread use of reputation services that check senders’ reputation at the connection level before allowing an email connection to be initiated.
There are several methods spammers use to hijack good reputation, in order to make use of it to deliver their unwanted mail:
- Spammers sign up for thousands of free email accounts, through the use of compromised CAPTCHAs. CAPTCHAs (short for Completely Automated Public Turing test to tell Computers and Humans Apart) are word images used to ensure that a human being is filling out a registration form, as opposed to a machine. Algorithms to break CAPTCHAs are readily available to purchase for illicit use, enabling spammers to generate a nearly unlimited supply of free email accounts from which to send their messages, without intervention.
- In order to gain access to legitimate email accounts without registering them themselves, widespread phishing attacks can persuade enough unwary users to provide their legitimate credentials to criminals. The extensive outbreaks of this sort to the student populations at various universities were described in the second quarter 2008 trend report.
- Spammers often use legitimate hosting sites to host their illegitimate content. They can also create multiple redirection pages on these sites using compromised CAPTCHAs. Sites put in this awkward position recently include: live.com, tripod.com, and photoshosting.com.
Source: Commtouch Q3 2008 Email Threats Trend Report.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.