If you have noticed an increase in spam recently, there is a good reason – the amount of spam in the Internet has more than doubled in volume since January. Cisco reports on recent spam volumes shows:
- A spam increase of 150% in February compared to January
- A spam increase of 210% March (to date) compared to January
Not all of this is getting through our filters. We’re still catching most of the older types of spam at the same rates but we are now seeing two new types of spam.
Yahoo spam is not really new since Yahoo has been the major source of “freemail” spam for quite a while now. But now it looks like spammers are really starting to take advantage of Yahoo’s failure to crack down on account hacking and spammer owned accounts.
Spammers seem to be having a lot more success hacking Yahoo accounts and spamming their address books. These spam messages seem to come from an email address that you are familiar with (but not necessarily from Yahoo) and contain little or no text and a URL. Although the address may not be from Yahoo, the sending server is a Yahoo server,
The second type of Yahoo spam comes from a valid account at Yahoo that’s owned by a spammer. They also typically contain little or no text and a URL. These spams are often Loan, Green Coffee or “buy something” types of scams.
These spam are more difficult to properly identify since:
- They somewhat resemble real emails
- They contain few, if any, obvious “spammy” words
- They are DKIM signed by Yahoo as vaild emails
- They use a multitude of shortened URLs that point to a spam payload
- They appear to be lower volume spam runs that take a while to hit the URI DNS BLACKLISTS
In addition to the increased Yahoo spam, the spammers are using a new technique. They register a large number of new domains and immediately start using them to spam. Typically they time the spam run to start just after the RBL’s that list new domains have just finished their daily download of new domains. This gives the spammer 24 hours before the rules that limit spam from newly registered domains know that they exist.
But we haven’t been idle. We have already updated your systems with some new rules specifically created to trap these new types of spams. We are also actively testing new tools to trap the newly minted domain spam and expect to be able to automatically update your systems with these tools in the near future.
Just before the spam volume was ratcheted up, we had already started work on automating the processing of all the spam you report. We are happy to report that this work will make it easier for us to react more quickly to new types of spam.
While we would like to share the details of this work with you, for obvious reasons, we’d prefer not to put that information in an email. We’ll be making more announcements as the results of our research and testing work are deployed to your production systems.
Please feel free to contact us if you have any ideas or concerns.
FSL Support Team