Online business Toolkit

Spammers hide behind a friendly face

Tags:
Corporate Filter,
Inbox,
Junk Email,
Pornography

Stefanie Olsen, CNET News.com CNet

Published: 15 Apr 2002 11:32 BST

Spam's newest pitches are coming to you courtesy of friends and co-workers -- or so it might seem.

In one of the latest marketing gimmicks circulating the Net, the sender comes disguised as a corporate network administrator with the subject line: "Your mailbox is over its size limit." Once opened, however, the email's message lewdly invites the recipient to view adult material.

Such spam tricks are designed to make spam harder to ignore -- an increasingly difficult task with sceptical consumers battling email overload. As a result, commercial messages with familiar-looking origins and subject lines are becoming the norm.

"This is extremely common now," said Steve Linford, who maintains a London-based blacklist of mass emailers called the Spamhaus Block List. Spammers are attempting to seem familiar "because so many people are getting suspicious about the email they get because they're getting flooded with spam."

Junk-mail senders are turning to new come-ons as consumers increasingly skip over messages with anonymous subject lines such as "Hi, remember me" or "Here's the information you requested." But even people on high spam alert find it difficult to slough off messages that appear to come from the sales or support staff at the recipient's own company.

So how do spammers create such a realistic facade? They typically use software designed to carry out forgeries, filling false information such as name and email address into the sender's mail client with each new attack. The software can be rigged to use the same email address to send and receive a piece of junk -- making it more common to view junk that appears to originate from you. It can also be used to hijack corporate domains such as cnet.com, a tactic aimed at convincing recipients that an email comes from a trusted source.

The method addresses two problems for the spammer. First, the spoofed address allows the email to get by corporate filters that seek to identify and block spam. Second, the message will more likely get opened by an employee who thinks it's from a co-worker.

Still, people can fight back. Linford said that in some states, such as California or Washington, deceptive spam is illegal, giving residents the right to take junk mailers to court. Most anti-spam laws prohibit mail with misleading subject lines and headers. In California, the penalty for deceptive spam is $500 per mailing.

The most difficult part of making such a case may be simply identifying the sender. Linford said that about 100 spammers produce nearly 90 percent of the junk mail sent today, but disguised addresses and other tactics make it difficult to link one of those spammers to a particular piece of mail.

Dan Birchall, executive director of advocacy group the SpamCon Foundation, suggests that recipients contact their Internet service provider to see if it is using proper filters to help stop the forgeries.

"You have to be a little bit sceptical," Birchall said.

For everything Internet-related, from the latest legal and policy-related news, to domain name updates, see ZDNet UK's Internet News Section.

Have your say instantly, and see what others have said. Go to the ZDNet news forum.

Let the editors know what you think in the Mailroom.