Slashdot Mirror


E-Mail Spam Goes Artisanal (bloomberg.com)

An anonymous reader writes: Spam filters have come a long way over the past two decades — but spammers have, too. Though email providers are better than ever at blocking spam, it's still big business, with a lot of money to be made. Security researchers are seeing a new trend in spam: less volume, and better targeting. The article mentions "snowshoe" attacks, which occupy the middle ground between massive spam campaigns and tiny phishing attacks. "Craig Williams, a senior manager at Talos, said the amount of snowshoe spam has more than doubled in the past two years and now accounts for more than 15 percent of all junk messages distributed globally." Security researchers have been pushing for a unified registry to help deal with these mid-range spammers, but it's hard to get a significant portion of providers on the same page, particularly when many are fond of running their own solutions.

2 of 68 comments

  1. Re:Haven't seen this one in a while by Todd Knarr · Score: 2, Informative

    Fail.

    • It's not about stopping spam so much as detecting mail that's not being sent from the servers the purported domain owner says it should be coming from.
    • It doesn't require total cooperation.
    • There are no jurisdictional problems with implementing DKIM/DMARC, and they were designed to work with SMTP (although they'll work with any other mail protocol when it comes to that).
    • One of the goals is to reduce the profitability of spam.
    • DMARC doesn't require email headers, and DKIM's header doesn't need to be legislated for you to implement it. Yes, that means the spammers don't have to implement it, but that won't help them evade it since the whole point of DKIM is to make it impossible for spammers to implement the header correctly (they don't have the correct private key to generate the signature, only the legitimate domain owner has it).
    • There's no blacklist, and the only whitelist is of valid outgoing mail servers for a domain maintained by the domain owner (who ought to know what mail servers his domain uses).
    • It doesn't demand that you trust any servers. It tells you what servers the domain owner trusts to send mail for him. Whether you trust that list or not, you can still trust the important fact needed: any server not on that list should not be trusted to be sending mail from the domain.
  2. Not even the correct definition of Snowshoe.... by Temkin · Score: 3, Informative

    A snowshoe spreads the load of the wearer over a larger area, making it less likely the wearer will exceed the crush strength of the snow and sink in.

    Snowshoe spam spreads the SMTP submission task across many IP addresses. So if one gets blocked, they can simply discard it and rent another to replace it. Change IP addresses every hour, and it gets difficult to update the block lists fast enough.
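Added example (not part of the thread or of either comment): a detection sketch for the pattern described in the comment above, where per-IP block lists lag behind rotating addresses. It groups mail by a campaign fingerprint instead of by source IP and reports the network blocks behind each low-volume spread. The function name, thresholds, fingerprint labels and the sample events (documentation IP ranges) are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample events: (source IP, campaign fingerprint).
# The fingerprint is assumed to come from upstream normalisation,
# e.g. a hash of the message body template or landing URL.
SAMPLE_EVENTS = (
    [(f"192.0.2.{h}", "fp-a") for h in (10, 11, 12, 13)] * 2  # 4 IPs, 2 msgs each
    + [(f"198.51.100.{h}", "fp-a") for h in (7, 8)]           # 2 IPs, 1 msg each
    + [("203.0.113.10", "fp-b")] * 40                         # one bulk sender
)


def snowshoe_candidates(events, min_ips=5, max_per_ip=3, prefix=24):
    """Return {fingerprint: {network: [ips]}} for campaigns that are spread
    thinly over many addresses (hypothetical thresholds, tune per site)."""
    counts = defaultdict(lambda: defaultdict(int))  # fingerprint -> ip -> msgs
    for ip, fingerprint in events:
        counts[fingerprint][ip] += 1

    findings = {}
    for fingerprint, per_ip in counts.items():
        # Keep only quiet senders: a loud single IP is already caught by
        # ordinary per-IP rate limits and is not the snowshoe pattern.
        quiet = [ip for ip, n in per_ip.items() if n <= max_per_ip]
        if len(quiet) < min_ips:
            continue
        # Roll addresses up to their enclosing block so a listing can cover
        # the range rather than chase individual rotating addresses.
        nets = defaultdict(list)
        for ip in quiet:
            nets[str(ip_network(f"{ip}/{prefix}", strict=False))].append(ip)
        findings[fingerprint] = {
            net: sorted(ips, key=ip_address) for net, ips in nets.items()
        }
    return findings


if __name__ == "__main__":
    for fp, nets in snowshoe_candidates(SAMPLE_EVENTS).items():
        for net, ips in sorted(nets.items()):
            print(f"{fp}: {net} -> {len(ips)} low-volume senders")
```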