Stan Beer
Sunday, 03 December 2006 13:08
Business IT -
Security
Spammers are trying destabilize global spam-reporting services by flooding them with automated false spam reports, according to an Australian data security specialist.
According to anti-spam vendor, TotalBlock, which
uses a challenge-response system, the evidence came to light when one
of the company's customers was sent a spam email, which TotalBlock’s
spam-blocking technique challenged. The original spammer then reported
TotalBlock’s challenge to spam reporting service SpamCop as a spam
email.
SpamCop is an Ironport Systems, Inc. initiative that determines the
origin of unwanted email and reports it to the relevant Internet
service providers.
TotalBlock CIO Ben Corby, who created the TotalBlock challenge-response
solution for countering spam, said: “We believe this is clear evidence
that Spamcop is being duped by spammers, who are directly targeting the
reporting system. There is little doubt that other reporting sites are
being similarly hit by false spam claims.
“In our case, all we sent back to the spammer was a failed delivery
receipt – multitudes of these are sent across the Internet. We believe
that spammers are automating false spam reports because Spamcop has no
way of dealing with them. Anyone can report spam, including spammers.
It is clear they are trying to destabilise the system.”
Corby said the vulnerability of blacklists created from false reports
had the potential to throw global business communications into
confusion, since Internet service providers the world over use such
services.
The SpamCop web site (www.spamcop.net) claims: “By reporting spam, you
have a positive impact on the problem. Reporting unsolicited email
also helps feed spam filtering systems, including, but not limited to,
SpamCop's own service.”
TotalBlock has been campaigning against spam filtering techniques and
spam blacklists for the past two years, claiming that the
challenge-response method is more effective. However, the
challenge-response method has its own detractors. One weakness that has
been pointed out is that challenges can be filtered out by anti-spam
filtering systems so that senders never receive the challenge. Another
weakness is that spammers can send spam disguised as challenges.
The latest surveys by security vendors indicate that as much as 90% of all emails being sent today are spam.