Roaring Penguin Software Inc. analysis shows that spam coming from top free email providers (Gmail, Yahoo Mail and Hotmail) is increasing. Three weeks of spam data research between June 13 to July 3, 2008, reveal that spammers are abusing Gmail’s privacy preserving feature of not including the sender’s original IP in outgoing emails.
Spammers are increasingly using free e-mail providers to avoid IP address-based reputation systems. These systems track mail sent by various IP addresses and assign each IP address a rating. Some anti-spam software operates largely or exclusively on the basis of the IP address rating.
Roaring Penguin’s data shows that between June 13 and July 3, the percentage of US-originated spam originating from the top 3 free e-mail providers rose from about 2% to almost 4%. Roaring Penguin believes that spammers are using Google’s service in particular to send spam, relying on the fact that blacklisting Google’s servers is impractical for most organizations. According to their data, the probability that an e-mail originating from a Google server is spam rose from 6.8% on June 13 to 27% (!) on July 3.
Spammers and phishers are interested in clean IP reputation of free email providers and in the ability to freely create multiple bogus accounts that are being automatically registered by breaking the CAPTCHA based authentication. A CAPTCHA is a test designed to tell humans apart from computers (spam bots). It typically involves typing a word seen in an image or heard on an audio recording. All this allows them to reach the widest possible audience and ensure the successful receipt of their spam/scam.
David Skoll, CTO of Roaring Penguin Software, said: “The effectiveness of IP address-based reputation systems has increased the market value of a good IP address, making spam gangs concentrate their development efforts on breaking CAPTCHAs to create free e-mail addresses from which to spam. We predict a gradual but long-term decline in the effectiveness of IP address reputation systems.”
More on CyberInsecure: