Are Spammers Spoofing Your Newsletter?
By Neil Schwartzman
Senior Director, Security Strategy, Receiver Services
You may have heard recently about spammers sending out scads of their usual garbage with topical subject lines referring to the Chinese satellite issue, or the terrible storms taking place in Europe. These messages are actually Trojans intending to infect unwitting recipients. This is a typical social engineering trick to garner better open rates, a variance on subject lines like “About the meeting today” or “Dont understand, hope u can help.”
But now, spammers have discovered a new tactic that has serious implications for the sender community. According to Symantec, spammers are now forging email to look like it is coming from the publishers of legitimate newsletters and email streams. Just as phishing has hampered financial services move into email, this type of spam will have serious negative impact on legitimate senders caught up in this deception.
There are a few steps you can take to mitigate any damage:
- Set up SPF/Sender ID records for your mailing domains immediately. Sender Score Certified has just published a SPF/Sender ID Deployment Guide, with all the tools you need to do the job properly. Also, setting up DomainKeys — which is used by Yahoo! and Gmail — is advised.
- Make sure your bounce addresses are working perfectly, and that someone in your organization is tasked with monitoring the bounce queue and logs on a daily basis. Spammers like to do their mail blasts beginning at 5 p.m. on a Friday to take advantage of lower staffing.
- Make sure your desktop’s system software, anti-virus and anti-spyware applications are updated daily, and they scan your disk as often. For more tips on this, visit the Stop Spam Here Campaign.
- Review your subject lines and friendly sending addresses. Standardize them to be clear, and properly reflect your content.
- Make sure your network administrator has properly listed your sending IPs on the Spamhaus Policy Blocklist.
- Use tools like Sender Score Mailbox Monitor, Blacklist Monitor, and Reputation Monitor to keep abreast of how the receiving community regards your email. In particular, watch your complaint rates. A spike in complaint rates could be a sign that your newsletter has been spoofed.
- Apply for Sender Score Certified. If you qualify, your email will be accredited for over 240 million mailboxes.