One way spammers send “legitimate” spam

I wrote a full-blown smtp server for one of my clients, with some anti-spam and anti-abuse systems and I was contacted today by him because for some reason the server is sending a lot of spam out.
After some investigation we learned that:
– the spammers are using stolen credit cards to sign up to the paid server and get a user/pass used to authenticat
– since we deemed all paid customers as “good”, spam was getting out
– they quicly learned about the anti-abuse and stopped abusing the system in the obvious way, but still sending spam at the peak level so that the sytem would not pick up the abuse.

Basically, they stop wasting time to buy a domain and hosting and set it up for emailing, they buy directly a nice email account they can use. Cheaper, no time wasted to set it up and easy to ditch.

So, it seems we will be applying spam filters to all messages.

Related posts


Leave a Reply

This blog is kept spam free by WP-SpamFree.