“Help! My inbox is being overrun with spam! How do spammers get my address?” The overwhelming questions we at Yahoo! receive from our users is about spam. People feel it is getting worse, and they want to know why. Spammers are employing more advanced tactics and getting more aggressive in their spamming techniques. Below are tricks that spammers use in tandem to gain access to your in-box.
Dictionary attacks: The spammer takes a “dictionary” of fairly common words and names, combines them, and sends e-mail to them – “johndoe@example.com, love2fish@example.org, etc. Spammers will pull names and words out of a dictionary and blast away at a mail server hoping to get some deliveries. The spammers typically do this sort of thing at leading e-mail providers that have a large base of users. Yahoo! Mail’s enhanced SpamGuard is more effectively identifying and preventing dictionary attacks. Yahoo! Mail’s Block Addresses and Customised Filters feature also helps foil this trick.
E-mail spoofing: The spammer trick of choice these days, e-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Fairly easy to manipulate by spammers, the e-mail may appear to come from one’s own e-mail, or a seemingly credible source, such as your bank. Spammers use spoofing in an attempt to get recipients to open, and respond to their solicitations. Never respond to unsolicited e-mail and report e-mail abuse via Yahoo! Australia & NZ Mail’s “This is Spam” link.
Mining message boards and chat rooms: If your e-mail address appears on a message board or within a chat room, spammers can use automated robots, or “bots,” to search the Internet and harvest your e-mail address. Yahoo! Mail recommends using an “alias” when visiting message boards and chat rooms, or spell out your e-mail address so a human can understand it, but it’s not readable by a computer, such as JOHNDOEATEXAMPLEDOTCOM. Most importantly, don’t post your e-mail address in public places -- treat it like you would your phone number.
Third party, open proxy servers: Many spammers use open proxy servers in an effort to maintain anonymity. Open proxies are third-party servers that enable spammers to distribute spam mail while concealing their true identity and Internet location (IP address). Yahoo! Mail’s patent-pending SpamGuard technology is proactively protecting users from this technique.
Web beacons: An e-mail may contain an html graphic, or image tag, within the e-mail that is invisible to the recipient. Once the e-mail is opened, the spammer is alerted that your address is “live.” Yahoo! Mail advises never open e-mail message if they appear to be spam. Additionally, Yahoo! Mail offers a new “Block HTML Graphics” feature that prevents html images to load until they are determined safe.
Social Engineering: This ploy tricks users into opening the spam mail by pretending to know the person, or trying to intrigue the person. Typical ruses include, “Hey how are you?,” “Urgent and Confidential,” “We need to meet,” “I have money for you, ” or, “Let’s go out this weekend.” Never respond to unsolicited e-mail and set up block addresses and customized filters.
Inserting random strings of text and characters: In an effort to get through spam control filters, e-mail abusers will insert random strings of text throughout the e-mail, to make the spam mail appear unique to any other e-mail. In addition, spammers will try to get around blocks and filters by adding spaces and characters to the header. E.g. V_I_A_G_R_A or Pe*n-s. Never respond to unsolicited e-mail, report e-mail abuse via Yahoo! Mail’s “This is Spam” link and set up block addresses and customised filters.
