Taxonomy of spamming techniques: Difference between revisions

From ASRG

Latest revision as of 10:15, 30 September 2010

This page doesn't discuss types of spam, or reasons for spamming. It discusses the mechanisms that are used for spamming. If you operate a computer, or a computer network, you should be aware of these techniques so that you can avoid becoming a source of spam.

Spambots

Domestic, broadband-connected computers often have poor security policies and reasonable bandwidth. Crucially, they're available in huge numbers. Most email spam is emitted by spambots: networks of compromised computers, for example home computers with broadband connections. Internet Service Providers can mitigate harm by blocking outbound port 25, or by listing IP addresses in public Policy Blocklists. Email service providers can help by providing MSA (mail submission agent) services on port 587, and by checking Policy Blocklists. An early example was the MAPS Dial-Up List (remember dial-up?). Providers of Policy Blocklists include Spamhaus.
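How a receiving mail server checks a Policy Blocklist over DNS, as an added example (not part of the original page). The zone `pbl.example.net`, the reply strings and the function names are assumptions; the resolver is injectable so the logic can be exercised offline.

```python
import ipaddress
import socket

# Hypothetical zone name; substitute the policy blocklist you are entitled to query.
DNSBL_ZONE = "pbl.example.net"
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: reversed octets (IPv4) or reversed nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None when the name does not resolve.
    Lookup failures also return None, so the check fails open."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listed(ip, zone=DNSBL_ZONE, resolve=system_resolver):
    """True if the zone answers with an address in 127.0.0.0/8 for this IP."""
    answer = resolve(dnsbl_query_name(ip, zone))
    return answer is not None and ipaddress.ip_address(answer) in LISTED_NET


def accept_on_port_25(client_ip, resolve=system_resolver):
    """Policy from the text: listed end-user addresses may not deliver
    directly to port 25 and are pointed at the MSA on port 587."""
    if is_listed(client_ip, resolve=resolve):
        return (False, "550 direct delivery refused; submit via port 587")
    return (True, "250 ok")
```

Some list operators reserve part of 127.0.0.0/8 for error codes, so check the operator's documentation before treating every answer as a listing.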

Abuse of free email accounts

Creation of email accounts at some email service providers can be automated. Such accounts are cheap and easy to register and use until they're shut down. CAPTCHA tests are now in quite wide use, which makes this a slower and less profitable process. Email service providers can also limit the harm by rate-limiting outbound mail for new accounts.

Hijacking of other email accounts

Accounts can be hijacked through phishing, for example. There was a spate of phishing incidents at academic institutions worldwide in early 2009, which may be ongoing. Account authentication details were obtained by phishing, and then used either for further phishing, or for sending fraudulent offers. Webmail accounts were particularly vulnerable, perhaps because you don't need any configuration information to use them, and because webmail servers are easy to find. Some institutions have mitigated the harm by rate-limiting outbound email from webmail accounts, and from off-campus mail submissions.
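A sketch of the outbound rate-limiting described here and under "Abuse of free email accounts", as an added example (not part of the original page). The limits, the one-week definition of a new account and all names are assumptions; recipients are counted rather than messages, so one message with many recipients cannot slip under the limit.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 3600
NEW_ACCOUNT_AGE = 7 * 86400   # assumed: "new" means under a week old
# Assumed hourly recipient limits per submission class; tune to local traffic.
LIMITS = {"new_account": 20, "webmail": 50, "off_campus": 50, "default": 500}


class OutboundLimiter:
    """Sliding-window count of recipients per account over the last hour."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.events = defaultdict(deque)   # account -> deque of (timestamp, n_rcpt)

    def limit_for(self, account_created, via_webmail, on_campus):
        """Pick the strictest limit that applies to this submission."""
        classes = ["default"]
        if self.clock() - account_created < NEW_ACCOUNT_AGE:
            classes.append("new_account")
        if via_webmail:
            classes.append("webmail")
        if not on_campus:
            classes.append("off_campus")
        return min(LIMITS[c] for c in classes)

    def allow(self, account, n_rcpt, account_created,
              via_webmail=False, on_campus=True):
        """Record and permit the submission, or refuse it if over the limit."""
        now = self.clock()
        q = self.events[account]
        while q and q[0][0] <= now - WINDOW_SECONDS:
            q.popleft()                    # forget sends older than the window
        used = sum(n for _, n in q)
        if used + n_rcpt > self.limit_for(account_created, via_webmail, on_campus):
            return False                   # defer the mail and flag the account for review
        q.append((now, n_rcpt))
        return True
```

A refusal is also a detection signal: an established account that suddenly hits its limit is worth checking for stolen credentials.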

Compromise of corporate servers

Corporate servers often have high-bandwidth network connections and a good reputation. They typically have a method of emailing status reports to system administrators. This makes them good targets for spammers. Harm can be limited by blocking outbound port 25, and restricting email deliveries to local addresses.

Abuse of web forms

If a web form allows the user to specify a recipient address, and to determine the content of the email sent, then it can be used for spamming purposes. Harm can be mitigated by rate-limiting, by fixing the content or allowing very limited modification of content, or by fixing the recipient list.
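A form handler that applies the mitigations above by fixing the recipient and allowing only limited modification of the content, as an added example (not part of the original page). The addresses, topic list, length cap and link stripping are assumptions chosen for illustration.

```python
import re
from email.message import EmailMessage

# Assumed site configuration: the form can only ever mail this address.
FIXED_RECIPIENT = "helpdesk@example.org"
FIXED_SENDER = "webform@example.org"
TOPICS = {"billing": "Billing question", "access": "Account access", "other": "Other"}
MAX_COMMENT = 500
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)\S+")


def build_form_mail(form):
    """Turn submitted form fields into a message whose recipient and
    structure are fixed; only a topic choice and a short comment vary."""
    topic = form.get("topic", "")
    if topic not in TOPICS:
        raise ValueError("unknown topic")
    comment = form.get("comment", "")
    if len(comment) > MAX_COMMENT:
        raise ValueError("comment too long")
    # Drop control characters (keeping newlines) and strip links from the comment.
    comment = "".join(ch for ch in comment if ch.isprintable() or ch == "\n")
    comment = URL_RE.sub("[link removed]", comment)

    msg = EmailMessage()
    msg["From"] = FIXED_SENDER
    msg["To"] = FIXED_RECIPIENT   # any "to" or "cc" field in the form is ignored
    # The subject comes from the fixed topic table, never from user text.
    msg["Subject"] = "Web form: " + TOPICS[topic]
    msg.set_content(
        "Topic: %s\n\nComment from visitor:\n%s\n" % (TOPICS[topic], comment)
    )
    return msg
```

No user-supplied value reaches a header, so the form cannot be steered to other recipients however the fields are filled in.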

Another common technique is to spam owners of web sites by posting the spam as a comment on an unrelated article, or as feedback or a help request.

Social network spamming

Social network sites like Twitter and Facebook are used for spamming. Spammers set up a profile with the URL of the web site they wish to advertise as their home page URL, and then 'friend' as many people as they can before the account is deactivated. Since by default users are e-mailed about friend requests, this results in e-mail to hundreds of users. Because the e-mail comes from a social networking site, it is very hard for spam filters to distinguish it from a genuine friend request.

Overenthusiastic marketing

Some honest and otherwise reputable businesses emit spam (Unsolicited Commercial Email, for example) because they're careless about how they obtain or maintain their mailing lists, or how they use them.