RSS / Atom

Creative spamming

2003-04-06 , ,

height="100" align="right">Spammers will take up any opportunity to
get their advertisements through. The past few days I’ve been
receiving a lot of it using a bounce scheme. I first saw it around
1998, but I’ve had a dozen unique ones this week so it looks like some
crook has rediscovered it. It’s different than just sending a faked
bounce or getting one because a spammer hijacked your address to stuff
into the sender field because it subverts the correct operation of a
properly configured host to do the dirty work. It goes like this:

  • Spammer fakes message from you to a bunch of
    addresses. This looks just like someone is trying to fake you as being
    the sender. The addresses are probably not real, at least they don’t
    exist on the target mail host.
  • Target mail host refuses it, sending the bounce message to the
    purported sender- you.
  • You get bounce with original message content at the bottom and
    wonder what the hell happened.

You can distinguish this from the bounces produced by the hijacking of
a sender address by the headers but also because you only get a single
message, not a torrent of bounces from all over the world. Because
most of us want to see bounce messages and they are less common than
spam, our filters don’t flag the message and it ends up in the
inbox. Charming little bastards.


Commenting is closed for this article.