'Out of office' messages turned into spam relays
Spammers find a new way to abuse webmail accounts.
By Matthew Broersma | Techworld | Published: 15:53, 26 February 2008
Spammers have found a new trick that gets around many current anti-spam filters: abusing the "out of the office" auto-respond feature found in legitimate webmail services.
Security firm McAfee has come across several instances of the trick, the company said this week.
The spammer first signs up for a legitimate webmail account, switching on its auto-respond feature, with the spam text in place of the "out of the office" message.
The spammer then bombards the account with messages that have "from" addresses spoofed so that they appear to come from the desired recipients. The automatic responses are then sent to the spoofed addresses.
The advantage of the system is that the spam all comes from legitimate webmail accounts, with safeguards such as DKIM, DomainKey or Sender ID in place, meaning that the messages are able to get around many of the protections in place against more conventional spam techniques.
The spammers are likely to use automation techniques for creating the accounts and setting the responder text, meaning large numbers of accounts are likely to be at their disposal, according to McAfee.
The company is currently blocking auto-responder spam by analysing header and message content.