Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Security Response

There is a Lot of Spam Out There...

Created: 09 Apr 2010 23:07:51 GMT • Updated: 23 Jan 2014 18:28:20 GMT
Dermot Harnett's picture
+1 1 Vote
Login to vote

...and some of it masquerades as “marketing” and “newsletter” emails.

In March 2010, spam continued to account for a high percentage of all email traffic, peaking at 93.6% of all messages. The majority of this spam email was sent using certain tactics that were deployed to hijack unsecured computers and hide the senders’ identity. Recently, however, there has been an uptick in spam “marketing” and “newsletter” emails. These spam marketing and newsletter emails share one significant commonality with “regular” spam emails, which is that they are unwanted email messages sent to individuals who have no formal relationship with the message sender.

The distinction between the spam marketing and newsletter email and regular spam email includes the following:

•    The sender of the spam marketing and newsletter email may not go to extraordinary lengths to hide their identity. Specifically, they may not forge or randomize email headers. These spam messages may not be sent from an IP that has been identified as a compromised zombie machine that is sending spam. These messages may not contain words or phrases that are purposely misspelled or obfuscated.
•    This spam marketing and newsletter email is often targeted towards a certain individual or a specific group of people within an organization. With the growth in social and professional networking sites it is more convenient for spammers to collect profile information and target an individual or specific demographic. Spammers can also use common search engines to determine the title and position of an individual within a certain organization. The spammers can then use the profile information collected to target the group with spam marketing and newsletter email that might ordinarily appeal to this demographic.
•    The senders of spam marketing and newsletter email may also be making the assertion that people (inadvertently or purposely) sign up for a lot of legitimate newsletters and marketing emails. It can sometimes be difficult for people to remember which legitimate newsletters and marketing emails that they have signed up for and spammers may be hoping that their spam gets lost among the legitimate marketing and newsletter emails.
•    These spammers often try and skirt around the edges of antispam laws such as the CAN-SPAM Act. Providing an opt-out is a requirement of the CAN-SPAM act. It should also be noted that honoring opt-out requests promptly is also a requirement—the senders of these spam marketing and newsletter emails don’t often adhere to this requirement.

An example of one of these spam marketing and newsletter emails is displayed below:

In today’s difficult economy, legitimate organizations are increasingly turning to email as an economic mechanism to advertise and distribute information about their products and services. While the intentions of legitimate marketing and newsletter email should be preserved, it is important that end users be equipped so that they can be able to distinguish between the legitimate marketing and newsletter emails and the spam version. Some anti-spam vendors have become more aggressive against these types of messages and most likely will continue to provide options for end users to take more aggressive filtering options against this type of spam.

Contributors: Dylan Morss, Mayur Kulkarni, and Amanda Grady