Spammers are increasingly using 'out of office' features in web-based email to relay junk messages, security experts warned today. McAfee Avert Labs reported several instances where spammers set up web-based email accounts and configured auto responders with spam messages.
The scammers then send email with fake 'from' addresses to their newly created web mail accounts. The 'from' addresses subsequently receive the spam 'out of office' notices.
McAfee noted that, while this may sound like a convoluted way to send spam, it allows the fraudsters to trick spam filters.
An automatic reply from a well-known web-based email service will look legitimate to many spam filtering tools.
In addition, unlike spam sent by botnets, the auto reply spam will have a legitimate sender and will be signed with the correct signatures used to sign email messages, such as DKI or Sender ID.
The auto-responder spam does not look like a typical out of office reply. The message subject always contains 'Re:' because it is added by the web mail service, but the spammer controls the rest of the subject line and the message body text.
"In recent weeks we have seen an increasing amount of spam apparently sent by legitimate web-based email systems," said Jeremy Gilliat, an anti-spam engineer at McAfee.
"I suspect the spammer has a program that automatically creates accounts and sets the responder text, all with no manual work required. This gives the spammer lots of web-mail accounts, all used to spam lots of people."
