McAfee Avert Labs has warned that the number of spammers which use the 'out of office' functionality of web-based email systems to distribute junk mail is on the increase. The particular technique in question, which involves spammers setting up web-based email accounts which are configured to auto-respond with spam instead of a genuine 'sorry but I am away from the office right now' message, is reaching new heights of popularity.
One spammer seen using this technique is advertising an adult Web site. The auto-responder spam does not look like a typical out of office reply. The message subject does always contain "Re:" because that's added by the Web mail service, but the spammer controls the rest of the subject line and the message body text. Indeed, pretty much the only way to determine the auto-responder nature of the mail is to carefully inspect the headers.
"In recent weeks we have seen an increasing number of spam apparently sent by legitimate Web-based e-mail systems," said Jeremy Gilliat, an Aylesbury, UK-based anti-spam engineer at McAfee. "Interestingly we see spam from a number of accounts being abused in this way. I suspect the spammer has a program that automatically creates accounts and sets the responder text, all with no manual work required. This gives the spammer the capability to have lots of Web-mail accounts, all used to spam lots of people."
From the perspective of the spammer it makes plenty of sense, because it is yet another method of circumventing many anti-spam filtering systems. After all, an automatic reply from any of the usual suspects when it comes to web-based email systems will look pretty legitimate to most such tools. Botnets tend not to have a legit sender nor do they come replete with correct signatures such as DKIM, DomainKey or Sender ID for example. McAfee, of course, claims its own filters are not so easily fooled and use a combination of header and message content checks to block such auto-responder spamming.