Monday, 30 January 2006

Fewer spammers forging the From header

It's a truism that the "From" or "Sender" of a spam email message is almost always forged -- it's hardly ever the actual sender. That could be changing. I've noticed an increasing volume of spam hitting my spamtraps that appears to have a valid return address.

Why would this be? I can think of at least four reasons:

  • Forging the sender is illegal in some countries -- but many other actions related to spamming are also illegal
  • Increasing use of sender authorization technologies such as SPF, Sender ID, and DKIM by spam filters -- spammers think that a valid return address makes it more likely that their spam will get delivered
  • Increasing use of "call to action" filtering -- spam that invites the user to reply by email is harder to filter than spam that quotes a web site or phone number
  • Lower likelihood of being cut off -- people are unused to sending complaints about the owner of the sender domain; overworked abuse desks are less likely to notice that the spam implicates the sender domain
