Bulk emailers are digitally signing unsolicited messages in hopes of bypassing popular filtering programs, but updated software has been modified to detect the trick. The trick was noted on several security lists, as the number of junk email messages sporting digital signatures has apparently increased. Digital signatures are used in email to attest to the validity and integrity of an email message; any changes to the message's text break the signature and can thus be detected.

The new spam tactic was probably introduced to fool a popular open-source email filtering program known as SpamAssassin, said Rand Wacker, director of product strategy and planning for email software maker Sendmail. Wacker said the openness of the program's development allows spammers to develop tricks to fool the software.

"Since SpamAssassin is built in a very transparent way in how it does its filtering, we see a lot of spam that is directly targeted at getting past SpamAssassin," Wacker said. Sendmail's own spam program, Mailstream, wouldn't be fooled by the technique because it doesn't give better scores to signed email messages. Filters frequently use a scoring system to evaluate whether a particular message is spam or legitimate.

The link for this article located at ZDNet is no longer available.