‘Out of office’ messages converted into spam relays

By Dave Nixon

February 26, 2008

Spammers have created a new deception that circumvents many existing anti-spam filters: exploiting the “out of the office” auto-respond feature found in legitimate webmail services.

Security firm McAfee has encountered numerous instances of the trick, the company said this week.

The spammer first signs up for a legitimate webmail account and turns on its auto-respond feature, with the spam text in place of the “out of the office” message.

The spammer then showers the account with messages that have “from” addresses spoofed so that they seem to originate from the desired recipients. The automatic responses are then sent to the spoofed addresses.

The benefit to the spammer is that the spam all originates from legitimate webmail accounts, with protection such as DKIM, DomainKeys or Sender ID in place, so the messages are able to get around many of the defences that stop more predictable spam techniques.

The spammers are prone to use automation techniques for creating the accounts and setting the responder text. Consequently, huge numbers of accounts are likely to be at their disposal, according to McAfee.

The company is presently blocking auto-responder spam by analysing header and message content.
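As an added illustration of header-and-content analysis on the receiving side (not McAfee's filter and not from the original article), the sketch below flags automatic replies that do not answer any message the mailbox actually sent and that carry links. The X-Autoreply and X-Autorespond header names, the classification labels and all sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_string

URL_RE = re.compile(r"https?://\S+", re.I)

def is_auto_reply(msg):
    """Headers that mark an automatic response: RFC 3834 plus common vacation-program markers."""
    auto = (msg.get("Auto-Submitted") or "").split(";")[0].strip().lower()
    if auto and auto != "no":
        return True
    if (msg.get("Precedence") or "").strip().lower() in ("auto_reply", "auto-reply"):
        return True
    # Assumed vendor-specific markers; extend to match what your mail flow shows.
    return any(h in msg for h in ("X-Autoreply", "X-Autorespond"))

def body_text(msg):
    """Concatenate the text parts of a single-part or multipart message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts if p.get_content_maintype() == "text")

def classify(raw, sent_ids):
    """Label one raw message, given the Message-IDs this mailbox really sent."""
    msg = message_from_string(raw)
    if not is_auto_reply(msg):
        return "not-auto-reply"
    refs = set(f'{msg.get("In-Reply-To", "")} {msg.get("References", "")}'.split())
    if refs & sent_ids:
        return "expected-auto-reply"      # answers mail we actually sent
    if URL_RE.search(body_text(msg)):
        return "suspect-auto-reply-spam"  # unsolicited auto-reply carrying links
    return "unsolicited-auto-reply"       # probable backscatter, no links

# Constructed sample data (not from the article).
SENT_IDS = {"<sent-1@corp.example>"}
SAMPLES = {
    "vacation": "From: bob@partner.example\nAuto-Submitted: auto-replied\n"
                "In-Reply-To: <sent-1@corp.example>\n\nI am away until Monday.\n",
    "spam": "From: promo123@webmail.example\nAuto-Submitted: auto-replied\n"
            "In-Reply-To: <forged-9@elsewhere.example>\n\nCheap watches http://shop.example/deal\n",
    "normal": "From: carol@partner.example\nSubject: minutes\n\nSee http://wiki.example/minutes\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw, SENT_IDS))
```

The check depends on the receiving system keeping a record of outbound Message-IDs; without one, only the header and link tests apply.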
