'Out of office' messages turned into spam relays

Spammers find a new way to abuse webmail accounts.

By Matthew Broersma | Techworld
Published: 15:53 GMT, 26 February 08

Spammers have found a new trick that gets around many current anti-spam filters: abusing the "out of the office" auto-respond feature found in legitimate webmail services.

Security firm McAfee has come across several instances of the trick, the company said this week.

The spammer first signs up for a legitimate webmail account, switching on its auto-respond feature, with the spam text in place of the "out of the office" message.

The spammer then bombards the account with messages that have "from" addresses spoofed so that they appear to come from the desired recipients. The automatic responses are then sent to the spoofed addresses.

The advantage of the system is that the spam all comes from legitimate webmail accounts, with safeguards such as DKIM, DomainKey or Sender ID in place, meaning that the messages are able to get around many of the protections in place against more conventional spam techniques.

The spammers are likely to use automation techniques for creating the accounts and setting the responder text, meaning large numbers of accounts are likely to be at their disposal, according to McAfee.

The company is currently blocking auto-responder spam by analysing header and message content.

Comment

What are your views on this subject? Use the form below to post a comment on this article up to 500 characters.

Characters remaining: 500

Related Security news

Fake antivirus software using ransom threats

Locks 'infected' apps, then asks for money

02 September 2010

Russian Trojan blamed for credit card losses at US diner

Hundreds hit after PC becomes infected

Russian Police investigate million-dollar ransomware gang

Gang allegedly made $25,000 a month

Wikileaks servers move to nuclear bunker under Stockholm

One hundred feet under

Related Security reviews

AS Communication Gateway review

LOK-IT flash PIN drive

Stonewood Eclypt Freedom

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

IT Manager's guide to buying an anti-spam solution

With these ten critical questions as your guide, you can cut through the marketing hype and zero in on the key features and benefits that should guide your decision.

Download Whitepaper

Unleashing cloud performance

While cloud services aim to eliminate cost and complexity from the world of enterprise IT, the unintended consequences of these services may do exactly the opposite if not carefully planned for.

Download Whitepaper

Online PC backup

This paper looks at the need for laptop and desktop data protection and, based upon recent IDC research, the key requirements firms should consider in evaluating enterprise-level online PC backup solutions.

Download Whitepaper

Protecting your business, customers, and the bottom line

Download this whitepaper to find out more about how you can protect your business from malware.

Download Whitepaper

Techworld UK - Technology - Business

Oracle Video

Enabling agile and intelligent businesses

 Changing markets, competitive pressures and evolving customer needs are placing increasing pressure on IT to deliver greater flexibility and speed. Explore truly flexible SOA foundations with this Oracle video.

Watch
AMD LGF

AMD Opteron™ Resource Centre

Set the foundations for higher speed processing, low energy consumption whilst delivering flexibility and value to your organisation.

Learn More

Complete our survey and you could win a Sony E-book Reader.
Techworld have teamed up with HP to compile a survey relating to server virtualisation. Complete the short survey and you could be the lucky winner of a Sony E-book reader.

Complete the survey here

Site Map

IDG Network

* *