CNET también está disponible en español.

Ir a español

Don't show this again

Internet

Spam throws on a disguise

That e-mail from your co-worker or a network administrator at your company may contain more than a friendly message: It could be hiding a junk mailer's sale pitch.

Spam's newest pitches are coming to you courtesy of friends and co-workers--or so it might seem.

In one of the latest marketing gimmicks circulating the Net, the sender comes disguised as a corporate network administrator with the subject line: "Your mailbox is over its size limit." Once opened, however, the e-mail's message lewdly invites the recipient to view adult material.

Such spam tricks are designed to make spam harder to ignore--an increasingly difficult task with skeptical consumers battling e-mail overload. As a result, commercial messages with familiar-looking origins and subject lines are becoming the norm.

"This is extremely common now," said Steve Linford, who maintains a London-based blacklist of mass e-mailers called the Spamhaus Block List. Spammers are attempting to seem familiar "because so many people are getting suspicious about the e-mail they get because they're getting flooded with spam."

Junk-mail senders are turning to new come-ons as consumers increasingly skip over messages with anonymous subject lines such as "Hi, remember me" or "Here's the information you requested." But even people on high spam alert find it difficult to slough off messages that appear to come from the sales or support staff at the recipient's own company.

So how do spammers create such a realistic facade? They typically use software designed to carry out forgeries, filling false information such as name and e-mail address into the sender's mail client with each new attack. The software can be rigged to use the same e-mail address to send and receive a piece of junk--making it more common to view junk that appears to originate from you. It can also be used to hijack corporate domains such as cnet.com, a tactic aimed at convincing recipients that an e-mail comes from a trusted source.

The method addresses two problems for the spammer. First, the spoofed address allows the e-mail to get by corporate filters that seek to identify and block spam. Second, the message will more likely get opened by an employee who thinks it's from a co-worker.

Still, people can fight back. Linford said that in some states, such as California or Washington, deceptive spam is illegal, giving residents the right to take junk mailers to court. Most anti-spam laws prohibit mail with misleading subject lines and headers. In California, the penalty for deceptive spam is $500 per mailing.

The most difficult part of making such a case may be simply identifying the sender. Linford said that about 100 spammers produce nearly 90 percent of the junk mail sent today, but disguised addresses and other tactics make it difficult to link one of those spammers to a particular piece of mail.

Dan Birchall, executive director of advocacy group the SpamCon Foundation, suggests that recipients contact their Internet service provider to see if it is using proper filters to help stop the forgeries.

"You have to be a little bit skeptical," Birchall said.