QUOTE
by Chester Wisniewski on September 30, 2011
Filed Under: Featured, Spam, Vulnerability
One of the most effective techniques anti-spam products have to block spam messages from reaching your inbox is reputation filtering.
Yes, to a degree, anti-spam solutions may still look for v1@gr@ and Mrs. Gaddafi offering you $40 million, but the biggest bang for your buck comes from reputation.
What do you do if you are a spammer? Figure out a way to get a legitimate mail provider to deliver your messages for you...
[attachment=14909:7.png]
Here is an example. You can see I have received six emails, all from "Picasa Web Albums" offering me some very spammy subjects. How do they do this? They are simply creating bogus accounts on Google Picasa, uploading a photo of their product, then "sharing" this photo with a personalized spammy message.
Even worse is the abuse of Yahoo! Groups. It has been standard practice for many years that mailing lists require you to confirm you want to subscribe.
Yahoo! Groups seems to have a mechanism built for the convenience of spammers: the ability to add anyone to a group without their permission. Here is an example invitation from a spammer:
[attachment=14910:8.png]
Upon receiving something like this you might think you could safely ignore it and not be subscribed. Instead, when you read the fine print, it explains you are already subscribed to this group and you have to opt out to not receive messages.
Every time the spammer wants to reach you he can now depend on Yahoo! to send his message, digitally sign it with DKIM, have valid SPF records and successfully evade reputation-based spam filters.
Continued
http://nakedsecurity...to-spread-spam/


