Spammers Grab a “Pass” into your Inbox

Spammers crack CAPTCHAs to steal free e-mail providers' reputations


OTTAWA, July 9 2008: Roaring Penguin Software Inc. analyzed three weeks worth of data collected via its RPTN data-collection system and revealed a worrying trend: Spammers are increasingly using free e-mail providers to avoid IP address-based reputation systems. These systems track mail sent by various IP addresses and assign each IP address a rating. Some anti-spam software operates largely or exclusively on the basis of the IP address rating.


Roaring Penguin's data shows that over the three weeks from June 13 to July 3, 2008, the percentage of US-originated spam originating from the top 3 free e-mail providers (Yahoo, Google and Hotmail) rose from about 2% to almost 4%. Roaring Penguin believes that spammers are using Google's service in particular to send spam, relying on the fact that blacklisting Google's servers is impractical for most organizations. According to their data, the probability that an e-mail originating from a Google server is spam rose from 6.8% on June 13 to a whopping 27% on July 3. Detailed statistics are here. (PDF)


A CAPTCHA is a test designed to tell humans apart from computers. It typically involves typing a word seen in an image or heard on an audio recording. CAPTCHAs are designed to prevent automated creation of e-mail accounts.


David Skoll, CTO of Roaring Penguin Software, said: “The effectiveness of IP address-based reputation systems has increased the market value of a good IP address, making spam gangs concentrate their development efforts on breaking CAPTCHAs to create free e-mail addresses from which to spam. We predict a gradual but long-term decline in the effectiveness of IP address reputation systems.”


Roaring Penguin Software's anti-spam Software relies on a variety of techniques to detect spam including keyword search, header analysis, message format analysis, Bayesian statistical analysis, blacklists, whitelists, greylisting, open proxy lists, DNS verification, content-filtering rules, sender policy framework (SPF), custom rules and more. By not relying on IP address reputation exclusively, Roaring Penguin has been able to retain its 98 % + effectiveness in detecting spam.


About Roaring Penguin


Founded in 1999, Roaring Penguin Software Inc., specializes in e-mail filtering. The company focuses on fighting spam at the mail server, with the acclaimed CanIt and MIMEDefang product lines. Today, Roaring Penguin's anti-spam products are used by customers that include enterprises, ISPs, campuses, web hosts, and government offices. For more information visit www.roaringpenguin.com

AttachmentSize
ip-reputation.pdf8.46 KB