Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
Hidden code in e-mail messages is increasingly being used to track the success of spam campaigns, according to a warning by an antispam technology company.
Up to 50 percent of all spam released in the last year is bugged with so-called spam beacons that send a coded message back to the spammer whenever a spam message is opened, says MX Logic of Denver. Such tracking helps spammers refine their distribution lists and weed out bad e-mail addresses from good ones.
The beacons, also known as Web bugs, are created with HTML code embedded in the e-mail. For example, the beacon may be a URL for an image file that is stored on a server controlled by the spammer. When the e-mail message is opened, the e-mail application requests the image and sends along an encoded e-mail address of the recipient. The spammer's server responds by sending the image file to be displayed, but it also captures the e-mail address that was sent in a database of "good" addresses, says Richard Smith, an independent computer security consultant.
Analysis Cited
MX Logic analyzed millions of spam messages that it processes for its 1500 customers each day to study the spam beacon problem, says Scott Chasin, MX Logic's chief technology officer.
MX Logic's products use heuristic analysis to spot and block messages containing spam beacons, he says.
The company says renewed awareness of the spam beacon problem is needed because most e-mail users don't realize that they are being tracked by spammers. Also, many e-mail providers are not interested in stopping a "feedback loop" that lets spammers improve their art.
MX Logic found that spammers are becoming more sophisticated in hiding the spam beacons from antispam filters. Also, the spammers use the data reported by the beacons to groom their messages and evade detection, Chasin says.
The databases that collect the beacon data are often hosted on compromised "zombie" machines, making it difficult to track the spammer responsible for a particular campaign, he says.
Some Protection
Other experts downplay the danger posed by the spam beacons.
Microsoft's latest e-mail client, Outlook 2003, automatically blocks the beacons, as do the company's Hotmail Web-based e-mail service and America Online's e-mail, says consultant Smith.
In time, improvements in e-mail client technology and actions by e-mail providers will choke off the spam beacon problem, he adds.
"I think you'll see the 'open' rates drop off altogether, or very dramatically, and spammers will start to wonder 'what are we measuring here?'" Smith says.
Others doubt that spammers are really interested in tracking the success of their e-mail campaigns.
"I've never seen much evidence that spammers care about deliverability," says John Levine of the Internet Research Task Force's Anti-Spam Research Group. "I believe that [spammers] have the Web bugs. I don't really know what they'd do with the collected data."
