Spammers can now send spam to a recipient using, as the sender's address, the address of someone the recipient knows.
The main objective of a large percentage of viruses found on the Internet is
to collect the contents of address books, thereby pairing addresses
of people who are acquaintances.
We are therefore starting to see more and more "intelligent" spam that appears
to come from an acquaintance, as in the example
below. Such a strategy will become a de facto standard among spammers in the years to come.

A growing number of companies are protected by anti-spam solutions that include
user-level white lists, that is, white lists which can be managed by the users
themselves. This strategy will become an Achilles heel in the future, allowing
spam to pass directly to the user, circumventing all analysis.
It is essential to be protected by a spam filter that commits few
errors, one that combines all available methods other than white lists to
avoid false positives. The white list should be used only as a last resort,
managed by a product specialist, and in combination with other decision
criteria if possible.

The following example illustrates a spam containing a forged sender's address,
my-colleague@fastnet.ch, which is found in my address
book.
This spam was blocked by MailCleaner, based on a combination of rules
(in green).
It would have passed directly through the filter if my-colleague@fastnet.ch had been in the white list for
the mailbox sales@fastnet.ch.

From - Tue Jun 13 16:09:29 2006
X-Account-Key: account2
X-UIDL: 449949495
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Received: from smtp.mailcleaner.net [195.176.194.12] by fastnet.ch with ESMTP
(SMTPD32-8.15) id A496C0A000AE; Tue, 13 Jun 2006 15:58:46 +0200
Received: by stage2 with id 1Fq9Ha-0002s0-KM ; Tue, 13 Jun 2006 15:50:14 +0200
Received: from lshp2.fastnet.ch ([193.246.63.16] helo=smtp2.mailcleaner.net)
by mailcleaner stage 1 with esmtp
with id 1Fq9Ha-0002rr-JX
from ; Tue, 13 Jun 2006 15:50:14 +0200
Received: from [220.167.162.182] (helo=friko7.onet.pl)
by mailcleaner stage 1 with smtp
with id 1Fq9PZ-0001Wn-U9
from ; Tue, 13 Jun 2006 15:58:30 +0200
Message-ID: <9E383484.3BC51D2@friko7.onet.pl>
Date: Tue, 13 Jun 2006 11:54:39 -0300
From: "Aubrey"
User-Agent: Mozilla 4.72 [en] (Win95; I)
X-Accept-Language: en-us
MIME-Version: 1.0
To: <my-colleague@fastnet.ch>
Subject: looking for someone?
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 8bit
X-MailCleaner-Information: Please contact support@mailcleaner.net for more information
X-MailCleaner: Found to be clean
X-MailCleaner-SpamCheck: not spam, SpamAssassin (score=6.142, required 5,
BAYES_99 6.00, SARE_TOWRITE 0.14)
X-MailCleaner-SpamScore: oooooo
X-RCPT-TO: <sales@fastnet.ch>
Status: U
X-UIDL: 449949495
Hire,
i am here sitting! in the internet caffe. Found your email and
decided to write. I might be coming to your place in 14 days,
so I !decided to email you. May be we can! meet? I am 25 y.o.
girl. I have a picture if you want. No need to reply herae as
this is not my email. Write me at rq@mailforfreedom.com
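
The difference between a white list that short-circuits the filter and one used as a single criterion among others, shown as an added Python example (not MailCleaner's code). The message is a constructed sample modelled on the one above; the white list contents, the trusted relay network for fastnet.ch, and the rule that a score at or above the required value is quarantined are assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message above (forged From, foreign relay).
RAW = """\
Received: from [220.167.162.182] (helo=friko7.onet.pl)
 by mailcleaner stage 1 with smtp; Tue, 13 Jun 2006 15:58:30 +0200
From: "Aubrey" <my-colleague@fastnet.ch>
To: <sales@fastnet.ch>
Subject: looking for someone?
X-MailCleaner-SpamCheck: not spam, SpamAssassin (score=6.142, required 5,
 BAYES_99 6.00, SARE_TOWRITE 0.14)

No need to reply here as this is not my email.
"""

# Assumptions: a per-mailbox white list and the network fastnet.ch sends from.
WHITELIST = {"sales@fastnet.ch": {"my-colleague@fastnet.ch"}}
TRUSTED_RELAYS = {"fastnet.ch": [ipaddress.ip_network("193.246.63.0/24")]}

def parse(raw):
    """Return (sender, relay IP, score, required score) from the headers."""
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"])[1].lower()
    relay = re.search(r"\[([\d.]+)\]", msg["Received"]).group(1)
    m = re.search(r"score=([\d.]+), required ([\d.]+)", msg["X-MailCleaner-SpamCheck"])
    return sender, ipaddress.ip_address(relay), float(m.group(1)), float(m.group(2))

def score_verdict(score, required):
    # Assumed policy: a score at or above the threshold is quarantined.
    return "quarantine" if score >= required else "deliver"

def whitelist_only(raw, rcpt):
    """User-level white list checked first: a match skips all analysis."""
    sender, _, score, required = parse(raw)
    if sender in WHITELIST.get(rcpt, ()):
        return "deliver"
    return score_verdict(score, required)

def combined(raw, rcpt):
    """White list honoured only when the relay also fits the sender's domain."""
    sender, relay, score, required = parse(raw)
    domain = sender.rpartition("@")[2]
    known = any(relay in net for net in TRUSTED_RELAYS.get(domain, ()))
    if sender in WHITELIST.get(rcpt, ()) and known:
        return "deliver"
    return score_verdict(score, required)
```

For the mailbox sales@fastnet.ch, `whitelist_only` delivers the forged message while `combined` quarantines it on its score; the same message relayed from inside the assumed fastnet.ch network is still delivered by `combined`.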