Spammers steal free e-mail providers’ reputations

Roaring Penguin Software Inc. analyzed three weeks' worth of data collected via its RPTN data-collection system and revealed a worrying trend: spammers are increasingly using free e-mail providers to avoid IP address-based reputation systems. These systems track mail sent by various IP addresses and assign each IP address a rating. Some anti-spam software operates largely or exclusively on the basis of the IP address rating.

Roaring Penguin’s data shows that over the three weeks from June 13 to July 3, 2008, the percentage of US-originated spam coming from the top 3 free e-mail providers (Yahoo, Google and Hotmail) rose from about 2% to almost 4%. Roaring Penguin believes that spammers are using Google’s service in particular to send spam, relying on the fact that blacklisting Google’s servers is impractical for most organizations. According to its data, the probability that an e-mail originating from a Google server is spam rose from 6.8% on June 13 to a whopping 27% on July 3.

A CAPTCHA is a test designed to tell humans apart from computers. It typically involves typing a word seen in an image or heard on an audio recording. CAPTCHAs are designed to prevent automated creation of e-mail accounts.