Blacklists rendered useless as spammers leap ahead
On Thursday, anti-spam organisation SpamHaus, which compiles blacklists that block around eight billion e-mail messages a day, reported that spammers have started sending spam via the mail server of an infected PC's Internet service provider. This means the spam appears to come from the ISP, making it very hard for an anti-spam blacklist to block. Previously, compromised or zombie PCs have been used as mail servers to send spam e-mails directly.
David Banes, technical director at e-mail security specialist Messagelabs Asia Pacific, said the company has noticed a huge increase in spam over the past few weeks as more spammers begin using the new technique. He expects traditional blacklists will be rendered virtually useless.
"This means you can't trust your blacklists anymore. We have seen a spike in spam over the last few weeks. If you do rely on blacklists [to block spam] then you are in trouble," said Banes.
Neil Campbell, the national security manager of IT services company Dimension Data, agreed with Banes, syaing the competition between spammers and the anti-spam communities is "hotting up".
"This creates difficulties for blacklist operators because there is generally no reason for somebody's home Windows machine sitting at the end of a DSL link to be operating as an SMTP server. But, there is a very good reason for the ISP to have an SMTP server. You can't blacklist the ISP so you have to find another method of detecting the spam," said Campbell.
Antivirus firm McAfee, which has created a commercial version of the open source SpamKiller anti-spam product, said in reaction to recent technical innovations by spammers, the company has started updating its anti-spam rules engine once a week instead of once a month.
Alan Bell, marketing director for McAfee Asia Pacific, said that the company's decision to increase the frequency of its updates is due not only to more innovation from spammers but also because of the apparent collusion between spammers and phishers.