Spammers marshal zombies to hijack ISP email servers

In a new twist to the spam arms race, spammers have discovered another way of getting their message across. By using zombie networks to send spam via ISPs’ servers, they can bypass one of the major tools used by spam filters.

Until now, the spammers have simply used a zombie machine to send emails directly. But sending via the ISP’s own server makes it more difficult to track down and block the source.

Users and ISPs have been alerted to the new technique by the anti-spam web site Spamhaus. It works by commanding a compromised machine to send a query to its ISP to discover the address of the host’s mail server. Once it has the address, it can then begin its career as a spam server. From the recipient’s point of view, the spam seems to come from the ISP. In practice, this makes it difficult for traditional filters based on IP or mail address blacklists to block it.

Spamhaus is already reporting an upsurge in junk email from the US coming from ISPs, which indicates that the spammers are enthusiastically deploying the new technique.

However, we aren’t about to be buried under a new deluge of spam if the ISPs take the right action now. Spamhaus recommends that an ISP restrict the amount of mail that a single user can send. It could use different servers for sending and receiving email, to make it more difficult for the spammer to find out which was which, or it could require SMTP AUTH for each message, which requires a username and password before the message can be sent.
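The per-user sending limit described above can be sketched as a sliding-window quota on the ISP's outbound relay. This is an added example, not code from Spamhaus or any ISP; the quota, the window, the account names and the log format are all assumptions, and the account key stands for whatever identifies the customer (an SMTP AUTH username or the customer's assigned IP address).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values, chosen only for this illustration.
MAX_RECIPIENTS = 20
WINDOW = timedelta(minutes=10)

# Constructed sample relay log: "timestamp account recipient_count".
SAMPLE_LOG = """\
2024-01-01T09:00:00 cust-a 2
2024-01-01T09:01:00 cust-b 15
2024-01-01T09:01:30 cust-b 15
2024-01-01T09:02:00 cust-b 5
2024-01-01T09:05:00 cust-a 3
2024-01-01T09:12:00 cust-b 15
"""

class RelayLimiter:
    """Per-account quota on recipients accepted within a sliding window."""
    def __init__(self, limit=MAX_RECIPIENTS, window=WINDOW):
        self.limit, self.window = limit, window
        self.accepted = defaultdict(deque)  # account -> (time, recipients)

    def check(self, when, account, rcpts):
        history = self.accepted[account]
        # Forget deliveries that have aged out of the window.
        while history and when - history[0][0] >= self.window:
            history.popleft()
        used = sum(n for _, n in history)
        if used + rcpts > self.limit:
            return False  # deferred mail does not consume quota
        history.append((when, rcpts))
        return True

def replay(log_text):
    """Return per-line decisions and the set of accounts that hit the limit."""
    limiter = RelayLimiter()
    decisions, flagged = [], set()
    for line in log_text.splitlines():
        ts, account, rcpts = line.split()
        ok = limiter.check(datetime.fromisoformat(ts), account, int(rcpts))
        decisions.append((account, "accept" if ok else "defer"))
        if not ok:
            flagged.add(account)
    return decisions, flagged

if __name__ == "__main__":
    print(replay(SAMPLE_LOG))
```

Accounts that land in the flagged set are the ones worth checking for a compromised machine, since a home user rarely needs to reach that many recipients in a few minutes.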

