Thursday, January 29, 2009

All About Spam: Why am I sending spam??

All About Spam is a series of blog posts about common spammer techniques. Have a question about a type of spam that you'd like to see in a future blog post? Send an email to pobox@pobox.com!

The first time you see a piece of spam that's From: your own email address is a pretty scary moment. "Has my email address been hacked?!" Luckily, that's almost never the case. Unluckily, it's incredibly common to get your email address forged in spam.

The least troubling occurrence is when spammers forge spam to look like it's coming From: you. This is simply a method to sidestep spam filters -- many people add their own email address as a trusted sender (that is, they whitelist it), and spammers are just exploiting that habit. (That's why you can't add your own Pobox address as a trusted sender!)

Sometimes, though, you may find yourself getting loads of bounce messages, and maybe even a complaint that you are spamming someone! A spammer has forged your email address, and spammed other people. This has two possible causes: backscatter, or a joe job.

Backscatter happens when a system accepts a message, then bounces it. This sends a bounce message to the email address in the headers. However, since most spam headers are forged, this means that the person who gets the bounce is almost never the person who actually sent the message. (Avoiding backscatter is the reason your Pobox filters can't bounce messages that have their content checked.) Most companies try to reduce backscatter, so if your email address is forged in spam, you may not even be aware of it, or you may just get a handful of bounced messages.
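If you are on the receiving end, you can sort the bounces by looking at the original message's headers that most bounce reports attach. The following is an added example, not part of the original post or any Pobox tooling: it parses a standard delivery status report and checks the bounced message's Message-ID against the IDs you actually sent. The function names, the `sent_ids` set (assumed to come from your own sent-mail log) and the sample bounce are all constructed for illustration.

```python
import email.policy

# Constructed sample: a bounce report for a message you@example.org never sent.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: you@example.org
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The message could not be delivered.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

From: you@example.org
Message-ID: <spam123@forged.invalid>

--b1--
"""
POLICY = email.policy.default

def original_headers(bounce):
    """Headers of the message that bounced, or None if none were attached."""
    for part in bounce.get_payload():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original message attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":   # only the original headers attached
            return email.message_from_string(part.get_content(), policy=POLICY)
    return None

def classify_bounce(raw, sent_ids):
    bounce = email.message_from_string(raw, policy=POLICY)
    if bounce.get_content_type() != "multipart/report" or not bounce.is_multipart():
        return "not-a-dsn"                   # free-form bounce, needs manual review
    orig = original_headers(bounce)
    if orig is None or orig["Message-ID"] is None:
        return "unknown"
    mid = str(orig["Message-ID"]).strip()
    return "genuine-bounce" if mid in sent_ids else "backscatter"
```

A bounce classified as `backscatter` refers to a message that never left your account, which points to forgery rather than a compromised mailbox.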

A joe job is a purposeful attack, designed to get many people angry at you. If you've been joe-jobbed, you'll know it -- many, many bounce messages, spam complaints, people threatening to call the Federal Trade Commission, Better Business Bureau, etc.

As with most spam, there isn't a good solution to spammers using your email address in their messages. Sender authentication (Sender ID, SPF and DKIM) is something that groups have been working on for years, but adoption is not nearly widespread enough for accurate filtering.

