CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 18th, 2008

Spammers Successfully Avoid IP Address-Based Reputation By Using Free E-mail Providers

Roaring Penguin Software Inc. analysis shows that spam coming from top free email providers (Gmail, Yahoo Mail and Hotmail) is increasing. Three weeks of spam data research between June 13 to July 3, 2008, reveal that spammers are abusing Gmail’s privacy preserving feature of not including the sender’s original IP in outgoing emails.

Spammers are increasingly using free e-mail providers to avoid IP address-based reputation systems. These systems track mail sent by various IP addresses and assign each IP address a rating. Some anti-spam software operates largely or exclusively on the basis of the IP address rating.

Roaring Penguin’s data shows that between June 13 and July 3, the percentage of US-originated spam originating from the top 3 free e-mail providers rose from about 2% to almost 4%. Roaring Penguin believes that spammers are using Google’s service in particular to send spam, relying on the fact that blacklisting Google’s servers is impractical for most organizations. According to their data, the probability that an e-mail originating from a Google server is spam rose from 6.8% on June 13 to 27% (!) on July 3.

Spammers and phishers are interested in clean IP reputation of free email providers and in the ability to freely create multiple bogus accounts that are being automatically registered by breaking the CAPTCHA based authentication. A CAPTCHA is a test designed to tell humans apart from computers (spam bots). It typically involves typing a word seen in an image or heard on an audio recording. All this allows them to reach the widest possible audience and ensure the successful receipt of their spam/scam.

David Skoll, CTO of Roaring Penguin Software, said: “The effectiveness of IP address-based reputation systems has increased the market value of a good IP address, making spam gangs concentrate their development efforts on breaking CAPTCHAs to create free e-mail addresses from which to spam. We predict a gradual but long-term decline in the effectiveness of IP address reputation systems.”

Share this item with others:

More on CyberInsecure:
  • Microsoft’s CAPTCHA Under Spammers Attack Again
  • Scammers Avoid Spam Detection By Using Redirection In Adobe Flash Files And ImageShack.com Free Hosting
  • Google Docs Abused In Latest Spam Technique
  • Spammers Domain Registrar EstDomains Receives ICANN Deactivation Notice
  • BitTorrent Users Are The Targets In New Anti-Piracy Scam Emails Spam

    • Posted in Google, Spam | Print This Post Print This Post

    This entry was posted on Friday, July 18th, 2008 at 3:20 pm and is filed under Google, Spam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Spammers Successfully Avoid IP Address-Based Reputation By Using Free E-mail Providers

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »