Once spammers have a list of e-mails addresses they have to send their message to these recipients. When undesired mail was not a big problem as it is now, they could use their own infraestructure to send it, that is, their own servers or even from their own e-mail account. But as more spammers used this server administrators began to implement techniques to avoid being used to send spam, as it was a big consumption of resources, so they had to switch to using other’s servers.
This is a big annoyance for the owners of the servers, as they will be probably black-listed and will not be able to send legitimate mail, causing a disruption of the service for legitimate users.
In a first instance, spammers used mail servers which were incorrectly configured and allowed anyone to send e-mail through it (technically, it is known as relaying mail). It’s very cheap to use this technique, as to send massive amounts from the server the spammer only needed to send it once. Fortunately, nowadays most administrators configure their servers correctly and only allow authorized users to send e-mail, so spammers needed to find another way to send their junk. If you administer an e-mail server and you don’t have secured it against relaying you should check how to disable it.
The most common used technique nowadays is relay mail through botnets. Botnets are groups of compromised computers controlled remotely by the attacker and spammers use them to send the e-mails to the world. Unfortunately, there are a lot of botnets in Internet and it’s quite cheap to find someone who controls one and sends the e-mails for us.
For this reason, it’s important to protect our computer so it doesn’t get used to spam all the world. Also, some ISPs implement filters so e-mail from their users can only be send through their server (technically, they close the outbound TCP port 25). This way, they can’t send spam from that account but this is also an annoyance for more advanced users, which sometimes need to use other e-mail servers as they might have different accounts in other places.
0 Responses to “E-mail security: how they send the e-mail”