- Microsoft Windows chief decries standards grandstanding
- The 5 best, and 5 worst, features of Google Chrome OS
- Federal government using PS3 to crack pedophile passwords
- 10G Ethernet cheat sheet
- Top 10 free Windows tools for IT pros, at a glance
Spammers have found a new trick that gets around many current antispam filters: abusing the "out of the office" auto-respond feature found in legitimate Webmail services (Compare antispam products).
Security firm McAfee has come across several instances of the trick, the company said this week.
The spammer first signs up for a legitimate Webmail account, switching on its auto-respond feature, with the spam text in place of the "out of the office" message.
The spammer then bombards the account with messages that have "from" addresses spoofed so that they appear to come from the desired recipients. The automatic responses are then sent to the spoofed addresses.
The advantage of the system is that the spam all comes from legitimate Webmail accounts, with safeguards such as DKIM, DomainKey or Sender ID in place, meaning that the messages are able to get around many of the protections in place against more conventional spam techniques.
The spammers are likely to use automation techniques for creating the accounts and setting the responder text, meaning large numbers of accounts are likely to be at their disposal, according to McAfee.
The company is currently blocking auto-responder spam by analyzing header and message content.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment