We’ve all received those helpful out-of-office replies when someone is not going to respond to your email for a while. At work, I always like receiving these because then I know I shouldn’t hold my breath waiting for a response to whatever problem I am facing. I would never have thought these could be harmful, but, of course, spammers have found a way to abuse them.
An article posted on securitypronews.com describes how a spammer can take advantage of auto-responders. The trick is getting around the reputation-based measures that normally stop spam. First, the adversary sets up a valid account at a normally trusted provider. Then they turn on that account’s auto-responder with an out-of-office message that is really their spam. They then send email with a spoofed ‘From’ field into their newly created account, putting the victim’s address in it. The auto-responder dutifully replies to the “victim’s” email with the spam-filled auto-reply. Since the reply genuinely comes from a legitimate account at a trusted provider, everything checks out and it is not filtered.
In the article, a McAfee spokesperson noted that since the replies come from a legitimate sender, with safe signatures such as DKIM, DomainKeys or Sender ID in place, they may breeze past typical spam-filtering technology.
Yet another reason why email needs a major overhaul. It seems like DomainKeys/SPF should be applied on the inbound side as well, to verify the legitimacy of the mail coming into the auto-responder before it replies.
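To make the attack above and the inbound check concrete, here is an added example (not from the securitypronews.com article or from any provider’s code) that models a vacation responder in Python. The two messages, the provider name trusted-provider.example and the Authentication-Results verdicts are all constructed for illustration. The naive responder answers whatever address sits in the From: header, which is exactly what the spammer counts on; the hardened one refuses to answer automatic mail (RFC 3834) and only replies when the provider’s DMARC verdict on the inbound message is a pass, i.e. when SPF or DKIM authenticated an identifier aligned with the From: domain.

```python
import re
from email import policy
from email.message import EmailMessage
from email.parser import Parser

# The text the responder sends back. In the attack, the spammer puts the
# advertisement here; the responder itself does not care what it says.
AUTOREPLY_TEXT = "I am out of the office until Monday."

# Constructed sample: the spammer mails their own account with From: forged
# to the victim's address. The envelope sender (Return-Path) is the
# spammer's own domain, so plain SPF passes, but DMARC alignment fails.
SPOOFED_INBOUND = """\
Return-Path: <bounce@spammer-owned.example>
From: victim@example.net
To: spammer@trusted-provider.example
Subject: hello
Authentication-Results: trusted-provider.example; spf=pass smtp.mailfrom=spammer-owned.example; dkim=none; dmarc=fail header.from=example.net

hi
"""

# Constructed sample: a genuine message whose From: domain is aligned.
LEGIT_INBOUND = """\
Return-Path: <alice@example.net>
From: alice@example.net
To: spammer@trusted-provider.example
Subject: question
Authentication-Results: trusted-provider.example; spf=pass smtp.mailfrom=example.net; dkim=pass header.d=example.net; dmarc=pass header.from=example.net

can you send me the report?
"""


def parse(raw: str) -> EmailMessage:
    return Parser(policy=policy.default).parsestr(raw)


def build_reply(inbound: EmailMessage) -> EmailMessage:
    """Compose the out-of-office reply addressed to the inbound From: header."""
    reply = EmailMessage()
    reply["From"] = str(inbound["To"])
    reply["To"] = str(inbound["From"])
    reply["Subject"] = "Auto: " + str(inbound["Subject"] or "")
    reply["Auto-Submitted"] = "auto-replied"  # RFC 3834 marks our own reply as automatic
    reply.set_content(AUTOREPLY_TEXT)
    return reply


def naive_autoreply(raw: str) -> EmailMessage:
    """The abusable behaviour: reply to whatever From: says, no questions asked."""
    return build_reply(parse(raw))


def auth_results(inbound: EmailMessage) -> dict:
    """Pull the spf/dkim/dmarc verdicts out of the Authentication-Results header."""
    hdr = str(inbound["Authentication-Results"] or "")
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr))


def hardened_autoreply(raw: str):
    """Reply only to mail that is not automatic and whose From: domain is authenticated."""
    inbound = parse(raw)
    # RFC 3834: never answer mail that is itself automatic or bulk.
    if str(inbound["Auto-Submitted"] or "no").lower() != "no":
        return None
    if str(inbound["Precedence"] or "").lower() in ("bulk", "list", "junk"):
        return None
    # SPF alone vouches for the envelope sender, which the spammer controls,
    # while the reply goes to the From: header. A DMARC pass means an SPF or
    # DKIM identifier aligned with the From: domain, so require that.
    if auth_results(inbound).get("dmarc") != "pass":
        return None
    return build_reply(inbound)


if __name__ == "__main__":
    print("naive reply goes to:", naive_autoreply(SPOOFED_INBOUND)["To"])
    print("hardened reply to spoofed mail:", hardened_autoreply(SPOOFED_INBOUND))
    print("hardened reply to legit mail goes to:", hardened_autoreply(LEGIT_INBOUND)["To"])
```

The point the SPOOFED_INBOUND sample makes is that “just check SPF” is not quite enough on its own: SPF is evaluated against the envelope sender, which the spammer can set to a domain they own, whereas the responder addresses its reply to the header From:. Gating on an aligned verdict (DMARC) or, as RFC 3834 recommends, addressing auto-replies to the Return-Path rather than the From: header, is what actually stops the spam from reaching the victim.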