Spammers Abuse Yahoo's DomainKeys Authenticated Mail
Via heise Security News.
Spammers are abusing Yahoo's mail servers to bypass filters, according to the MessageLabs monthly report for April 2008 [.pdf]. They are digitally signing their email headers using Yahoo's DomainKeys Identified Mail (DKIM), thereby convincing spam filters that the email is legitimate.
Spammers are not sending their messages using Yahoo's web front end, but instead using the company's SMTP servers that allow Yahoo users to use any email client. According to MessageLabs, most of the spam sent in this manner using Yahoo Mail comes from the Yahoo! Plus server, which is a premium service. To create Yahoo accounts, Spammers are using automatic scripts, which, according to MessageLabs, are able to crack captchas.
In particular, the Spam clique known as Canadian Pharmacy uses Yahoo's servers. The report says this group used more than 1100 specially created email accounts during the period under review.
More
here.
2 Comments:
Those messages are legitimate, within the context of DomainKeys: they really were sent through the server that signed 'em.
DomainKeys doesn't tell you whether a message is spam or not, only whether it was sent by the domain which signed it or not. It's up to you to figure out whether you want to accept mail from that domain.
Which is why, of course, DomainKeys is no panacea. :-)
- ferg
Post a Comment
<< Home