Cyber Eye: Spammers stay a step ahead
- By William Jackson
- Sep 23, 2004
For spammers, the medium is the message.
A growing number of online solicitations use steganography, messages hidden within graphics that can slip past most spam filters. Spammers also appear to be among the early adopters of e-mail authentication protocols, which have been touted as a way to identify and block spam.
Those are some recent findings from e-mail security service providers.
The rapid adoption of sophisticated technology by spammers makes it likely that only rigorous legal enforcement can ever keep unwanted e-mail out of in-boxes.
Zero Spam Network Corp. of Miami reported that nearly 5 percent of the e-mail traffic it filtered last month had graphics-embedded messages. Text filters that look for specific words or word sequences let them through.
Some vendors have tried adding image blacklists to block known spam graphics, but the perpetrators are randomizing the images in copies of a message.
A pair of security vendors examined traffic caught by their spam filters in recent months and concluded that spammers have embraced the Sender Policy Framework, designed by the IT industry to detect domain spoofing in sender addresses.
According to CipherTrust Inc. of Alpharetta, Ga., 34 percent more spam messages passed SPF checks than did legitimate e-mail. MX Logic Inc. of Denver found that 16 percent of spam it studied came from senders with published SPF records.
SPF lets a domain holder publish in the Internet's Domain Name System a list of IP addresses from which e-mail can legitimately be sent. The technology still is in the early stages. A CipherTrust survey of Fortune 1,000 companies in April found only 11 of them had published an SPF record. In August the number climbed to 31.
Although relatively few domains have published SPF records so far, nearly 5 percent of e-mail identified by CipherTrust as spam between May and August came from domains using SPF. Seventy-two percent of the addresses were genuine, indicating spammers used SPF more than the legitimate e-mailers did.
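An added illustration, not from the article or the vendors it cites: a minimal offline SPF evaluation over constructed records, showing that a pass only confirms the sending address is authorized by the domain's own published list, whether the domain belongs to an agency or to a bulk mailer. The domains, addresses and the `evaluate_spf` and `check_sender` helpers are assumptions made for the example; mechanisms that require DNS lookups are rejected rather than resolved.

```python
import ipaddress

# Constructed sample TXT records (documentation domains and address ranges).
PUBLISHED = {
    "agency.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "bulk-offers.example": "v=spf1 ip4:198.51.100.7 ip6:2001:db8::/32 -all",
}

# SPF qualifiers and the result each one yields when its mechanism matches.
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, client_ip):
    """Evaluate the ip4/ip6/all mechanisms of one SPF record, left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        # A missing qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term[1:] if term[0] in RESULTS else term
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if net.version == ip.version and ip in net:
                return RESULTS[qualifier]
        else:
            # include, a, mx, redirect= and similar need live DNS queries.
            raise ValueError(f"term needs DNS, not handled here: {term}")
    return "neutral"  # nothing matched and the record has no "all" term


def check_sender(domain, client_ip):
    """Look up the constructed record for a sender domain and evaluate it."""
    record = PUBLISHED.get(domain)
    return "none" if record is None else evaluate_spf(record, client_ip)


if __name__ == "__main__":
    print(check_sender("agency.example", "192.0.2.25"))        # authorized host
    print(check_sender("agency.example", "203.0.113.9"))       # forged sender
    print(check_sender("bulk-offers.example", "198.51.100.7")) # bulk mailer's own host
```

A filter that treats the SPF result as a reputation signal would score the last message the same as the first; the result is only useful for rejecting forged sender domains, and has to be combined with content or reputation checks on the domain itself.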
MX Logic's 16 percent figure came from examining more than 400,000 unique spam messages that passed through its filters from Aug. 29 through Sept. 3.
Even more appalling: 92 percent of all e-mail caught by MX Logic's filters in August was spam.
There is no single solution to the unwanted e-mail that clogs every organization's servers. Technology can be trumped, and law enforcement, difficult as it is, will be necessary to root out hard-core abusers.
The good news is that recent studies show a disproportionate percentage of U.S. spam comes from a handful of senders in this country, which makes them susceptible to prosecution under the CAN-SPAM law.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.