I know, you're bored of all this spam news. I am too. But the volume has increased yet again, and I'm not just seeing it on my own servers, but also with Google Apps and Postini.
Following last month's wave of fake 'Delivery Status Notification' (DSN) messages posing as bounces, the spammers' new technique appears to be mimicking even more familiar messages, such as Amazon order confirmations, that look a lot like the real thing. But it's getting a little scarier...
Last month (June 2010) we saw a lot of non-delivery messages that looked real but had malicious links in them. I have not heard of any reports of the links bringing anyone to virus farms, but they were certainly going to the pharma and sex sites, with other types of shopping thrown in.
Then came the Amazon orders and iTunes purchases that gave every indication, in sender address and subject, that they were real. The messages read just like the normal confirmations we get from such online stores. But the links went elsewhere.
Using almost identical formatting to very popular messages seems to be giving the spam filters a hard time. Self-learning filters like SpamAssassin's Bayesian classifier and Postini learn what is good and bad from all the email they see, and for so long Amazon (and others) have been seen as non-spam, so a message made of the same words and layout scores as non-spam too. There is more to filtering than that, but it is a big part. What these messages are doing is dressing up in a postal uniform, knocking on the door, and having you bring them into your home, no questions asked: the carrier was wearing a uniform and name tag, and had a postal truck at the curb. Oops, you've been spoofed.
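To make the point concrete, here is an added example (my own illustration, not code from this post, SpamAssassin or Postini): a toy word-level Bayesian filter trained on a handful of constructed "order confirmation" and "pharma" samples. A spoofed confirmation built from the same vocabulary as the real ones scores as non-spam even though its link points somewhere else entirely. The second function is the complementary check a practitioner would want: pull every URL out of the body and flag any whose domain does not match the claimed sender's domain. All messages, addresses and domains below are constructed; the `registered_domain` helper is a deliberate simplification (last two labels) and real code should use a public-suffix list.

```python
"""Added example, not from the original post: a toy naive Bayes spam filter
plus a sender-vs-link domain consistency check. All samples are constructed."""
import math
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed training corpus. "Ham" has the shape of real order confirmations.
HAM = [
    "Hello, thanks for your order from Amazon.com. Your order #102-5551212 has shipped. "
    "View your order at http://www.amazon.com/orders",
    "Your Amazon.com order of Kindle has shipped. Track your package at http://www.amazon.com/track",
    "Thank you for your iTunes purchase. Your receipt is available at http://www.apple.com/itunes",
]
SPAM = [
    "Cheap pills online, best prices, buy now http://pharma-deals.example/buy",
    "Hot singles in your area, click here http://adult-site.example/join",
    "Replica watches at discount prices http://watch-shop.example/sale",
]

# Constructed test messages: a lookalike confirmation whose link goes elsewhere,
# and an ordinary pharma spam.
LOOKALIKE = ("Hello, thanks for your order from Amazon.com. Your order #102-5551212 has shipped. "
             "View your order at http://amazon-orders.example/track")
PHARMA = "Cheap pills, best prices, buy now at http://pharma-deals.example/order"

TOKEN_RE = re.compile(r"[a-z0-9]+")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def tokenize(text):
    """Lowercase word/number tokens; URLs and 'Amazon.com' split into their parts."""
    return TOKEN_RE.findall(text.lower())


class NaiveBayes:
    """Minimal multinomial naive Bayes with Laplace (add-one) smoothing."""

    def __init__(self, ham, spam):
        self.ham_counts = Counter(t for m in ham for t in tokenize(m))
        self.spam_counts = Counter(t for m in spam for t in tokenize(m))
        self.vocab_size = len(set(self.ham_counts) | set(self.spam_counts))
        self.ham_total = sum(self.ham_counts.values())
        self.spam_total = sum(self.spam_counts.values())
        self.p_ham = len(ham) / (len(ham) + len(spam))
        self.p_spam = len(spam) / (len(ham) + len(spam))

    def spam_probability(self, text):
        """P(spam | text) computed from smoothed per-token likelihoods."""
        log_ham = math.log(self.p_ham)
        log_spam = math.log(self.p_spam)
        for t in tokenize(text):
            log_ham += math.log((self.ham_counts[t] + 1) / (self.ham_total + self.vocab_size))
            log_spam += math.log((self.spam_counts[t] + 1) / (self.spam_total + self.vocab_size))
        # Convert the log-odds back into a probability.
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))


def registered_domain(host):
    """Crude 'registrable domain': the last two labels. Simplification for the
    example only; production code should consult a public-suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def suspicious_links(from_addr, body):
    """Return link hosts in the body that are not under the sender's domain."""
    sender_domain = registered_domain(from_addr.split("@", 1)[1])
    flagged = []
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if registered_domain(host) != sender_domain:
            flagged.append(host)
    return flagged


if __name__ == "__main__":
    model = NaiveBayes(HAM, SPAM)
    for label, msg in (("lookalike", LOOKALIKE), ("pharma", PHARMA)):
        print(f"{label}: P(spam)={model.spam_probability(msg):.4f}, "
              f"off-domain links={suspicious_links('auto-confirm@amazon.com', msg)}")
```

The Bayesian score alone waves the lookalike through (its tokens are all ones the filter has only ever seen in legitimate confirmations), while the link check catches it immediately, which is why a word-frequency filter needs structural checks such as sender/link consistency alongside it.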
I suspect we are heading towards more secure verification of mail servers, possibly raising the cost of email delivery from 'free' to 'not-so-free' if mail server admins need to pay authentication fees to guarantee their servers follow 'best practices'.
Personal Profiling by Spammers?
I'm not one to try to scare anyone. I figure you have enough to fear because you know you haven't backed up your photos or music lately, so why add a mere theory to the list. But here is my theory: spammers are using profiling techniques to target recipients.
No, they are not going through your garbage cans or tapping into your wireless network. They don't have to. Instead they can mine all the data they have on your address and see which sites you visit frequently. If they are not doing this yet, then I'm sorry I just gave them an idea, but lately I've seen evidence.
We all get those UPS and bank account alert emails, but we are pretty sure they are spam when they come from somewhere we don't have an account with. How many times have you gotten an email from Bank of America about unauthorized access when you don't have an account at Bank of America? Well, the spammers just lost you as a potential victim.
Ahhh, but what if messages started to come from sites you are actually on? Not just Facebook or MySpace, but the lesser-known niche sites like your sewing club, or that small local band site you are a fan of. Imagine getting an email from a small blog you follow, like www.compassdesigns.net. You are likely to open it, since why would THAT be fake. Oops.
Now look at the subject matter of that blog, and the sites it might be associated with. Joomla.org, huh? Joomla templates? Is your email address, or anything related to YOU, at those other sites? Well, look for fake messages from them now.
This week I started to receive these messages. Simple ones like 'thank you for your submission', 'thank you for joining' or 'you have a new message in the community'. And here's the big catch... the emails are in the format of those actual sites!
Treat All Email As Potential Fakes
We are coming down to needing to treat all email from each and every website we visit as potentially fake. The spammers and evil-doers take advantage of our trust in the familiar. The trick is to Trust No One, except that friend who sent you the email about Microsoft and AOL sending money to everyone who forwards it.