Life After Spoof

One intrepid journalist’s quest to reclaim his name.
(Page 1 of 2)

Contrary to what you and thousands of other innocent e-mailers might have read in your inbox last month, I am not selling pills to temporarily cure erectile dysfunction, I am not offering discounts on prescription drugs and I do not know where to find designer watches.

Instead, I was “spoofed,” apparently an IT security colloquialism for saying that some spammer found my email address online and put it in the reply field of thousands upon thousands of junk messages he (or she, I guess) sent to people I’ve never met in my life.

It’s not like I knew what was happening at the time. One day, my email was working normally — the usual deluge of notes from colleagues and friends. The next day, a Sunday, my account was inundated with thousands of bounce-back messages from Web servers all over the world.

“Returned mail: see transcript for details,” read the subjects. “Undeliverable.”

Some of the blowback came from well-known anti-spam solutions, declaring, “Message you sent blocked by our bulk email filter.”

Immediately, I feared the worst: someone had hijacked my machine. I ran Norton, Zone Labs and Adaware (yes, I have all three), each of which turned up blank for malware, spyware and viruses. Quizzically (but thankfully), additional diagnostics also came back negative.

The next morning, I tried my Internet Service Provider, where a cordial customer service representative checked the logs and told me that none of the messages actually was sent from my account.

Relief was followed by curiosity and concern. What the heck happened? And how could I clear my name?

Dermon Hartnett, principal analyst for the anti-spam engineering team at Symantec, was the first to tell me I’d been spoofed. Hartnett looked at some of the messages I received, and noted that the only difference between traditional spam and spoofed spam messages is that with the latter, spammers rely on the tactic of ‘familiarity’ between sender and recipient.

True meaning of horror

Later in the week, Rand Wacker, group product manager for IronPort Systems, offered an even more serious perspective. Wacker said that especially for us freelance writers who constantly use our Web sites to broadcast our email addresses to the world, very little can be done to permanently prevent a similar spoof attack from happening again.

Given this reality, I was worried that being spoofed might blacklist me from some important email servers down the road — the true meaning of horror for us freelancers, who use e-mail to connect with sources and editors all the time.

But Ofer Elzam, director of product management at Aladdin Knowledge Systems, said occasional (and innocent) spoofing victims like myself don’t have to worry about being blacklisted at all.

Elzam told me that because it’s so easy for spammers to spoof legitimate email addresses, most network administrators set up anti-spam filters to block entire e-mail servers instead, a practice that blocks spoofing when legitimate users send mail through trusted pathways.

“Security managers are aware of the spoofing techniques so they do not really accuse the real email owner of spamming or attacking,” he said.

Still, there had to be some sort of precautions I could take to improve my chances against spoofing the next time around.

Sven Krasser, director of data mining research for Secure Computing Corp., suggested two different options — both of which I have since taken to heart.

The first suggestion revolved around something called a Sender Policy Framework (SPF), an open standard that specifies a technical method to restrict which mail servers can send on behalf of a domain.
