Monday, July 5, 2010

Spammers are using ISP mailservers

Not entirely new news, but this article tells of spammers sending spam through ISP mailservers via zombied machines on that ISP's customer network. The article does note that "it is official". Perhaps before it was merely speculation?

In the past, a spammer would use malware to get control of a machine on the net and then send out spam emails directly from that machine. ISPs caught on to this and started throttling, using different ports for email, and blocking the standard ones that the zombied machines used.
So now the new step, nothing terribly advanced, is that the malware grabs the ISP mailserver settings from the machine and uses them to send out mail like a regular email client on that machine, except that it sends far more email than most normal users would.

The obvious solution for this is for ISPs to throttle the bandwidth allowed for mail from each account. But they can only do that so much before they start limiting customers who are doing completely legitimate things and have no reason to be punished.
Another option would be to look for duplicate mail and, once the same message has gone through N times, start blocking it. Again, this is tough to actually implement: mailing lists legitimately send the same message many times, and spammers can add random data to each message to make it slightly different from the last.
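To make the duplicate-counting idea concrete, here is an added example (not from the article or any ISP's filter) that compares exact-hash counting with word-shingle similarity on outbound mail grouped per account. The account names, sample bodies, the `n` and `threshold` values and the `allowlist` parameter for mailing-list senders are assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

def shingles(body, k=3):
    """Set of k-word shingles from a lower-cased message body."""
    words = re.findall(r"[a-z0-9']+", body.lower())
    return {" ".join(words[i:i + k]) for i in range(max(len(words) - k + 1, 1))}

def jaccard(a, b):
    return len(a & b) / len(a | b)  # shared shingles over all shingles seen

def exact_duplicates(messages):
    """Naive check: highest count of byte-identical bodies per account."""
    counts = defaultdict(lambda: defaultdict(int))
    for account, body in messages:
        counts[account][hashlib.sha256(body.encode()).hexdigest()] += 1
    return {account: max(c.values()) for account, c in counts.items()}

def near_duplicate_accounts(messages, n=3, threshold=0.6, allowlist=()):
    """Accounts that sent n or more bodies resembling one earlier body."""
    clusters = defaultdict(list)  # account -> [[first body's shingles, count]]
    flagged = set()
    for account, body in messages:
        if account in allowlist:  # e.g. registered mailing-list senders
            continue
        s = shingles(body)
        for cluster in clusters[account]:
            if jaccard(cluster[0], s) >= threshold:
                cluster[1] += 1
                if cluster[1] >= n:
                    flagged.add(account)
                break
        else:
            clusters[account].append([s, 1])
    return flagged

# Constructed sample: one template with a random token per copy, plus normal mail.
TEMPLATE = "Cheap watches and pills at our online store, visit today for a big discount, ref {}"
SAMPLE = [("cust-1042", TEMPLATE.format(t)) for t in ("x7f3a", "q9k2z", "m4p8d", "b1c6w")]
SAMPLE += [
    ("cust-2001", "Hi Anna, the meeting is moved to Thursday at ten, see you then"),
    ("cust-2001", "Please find the invoice for June attached, tell me if anything is missing"),
    ("cust-2001", "Thanks for dinner last night, we should do it again soon"),
]

if __name__ == "__main__":
    print(exact_duplicates(SAMPLE))         # every body hashes differently
    print(near_duplicate_accounts(SAMPLE))  # the templated sender stands out
```

The exact-hash count never rises above 1 once a random token is appended, while the shingle comparison still groups the templated copies; heavier per-message mutation would lower the similarity and call for a lower threshold, at the cost of more false positives.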

There is a good side to this, although not for the ISPs. The best way to stop spammers is of course to prevent them from sending spam in the first place. One of the best ways to do just that is to put in hardware which scans the mail for spam (there are hardware devices that have SpamAssassin on them, or variations of that sort of software) and then stops letting it through if it is spam. Both in AND out of the network - which is exactly what would help here.
The problem is that this hardware is not free, so ISPs have been slow in adopting it since they are like any company and want to maximize profits.

This newer development by the spammers could potentially cause more ISPs to install this type of hardware and hopefully slow spam (at least until the next innovation on the spammers' side).
