Monday, April 23, 2007

DomainKeys-verified spam

I got excited when I read about the Yahoo! DomainKeys technology the first time. That would make spammers' life much harder because message headers tracking the sender's origin would be signed, providing a more efficient way of blacklisting abused domains.

Currently both Yahoo! and GMail, two among the major mail services, sign their outgoing messages with DomainKeys, meaning a significant amount of legitimate messages circulating on the Internet now have a signature. Unfortunately, that might have already got the attention of at least one spammer. I've been receiving some suspicious messages (DomainKeys-verified) from different GMail accounts, all looking like this:

Subject: Re: kryw

sqh vsi cfhj.

(pharmacy related ad image)


I can only take one (obvious) conclusion: spammers are creating temporary GMail accounts — which, I hope, are terminated by Google as soon as they notice them — to take advantage of the fact that, currently, spam filters skip DomainKeys-verified messages (at least on my Yahoo! and GMail accounts).

I couldn't find any report of this happening with other people, although I'm sure I'm not the only victim. I wonder what will be the near future of spam and spam filters. Will all unsolicited messages be signed? Will the filters need to analyze the message content with heuristics much the same way they do now with unsigned messages?

Well, while we wait for the future, all we can do is make a report of the offending accounts. If you also receive a spam signed by Google, report it here. Messages from Yahoo! may be reported here. If the abused accounts don't get the chance to annoy too many users, the effort spammers take to create them will not be payed off. Don't let they circumvent the cost of answering the CAPTCHA's of account creation pages.

3 comments:

Express1000 said...
This comment has been removed by a blog administrator.
Kiko said...

Great article. IT helped me to get rid of G-Buster for ABN Amro. I hate this plague, and I wish we could tell the banks how bad G-Buster really is. But, till then we can at least remove it after all.

Anonymous said...

I receive these daily. I expand the header and copy and paste it to the forward message and send it to abuse@yahoo.com. They send me an email saying it is being taken care of.