We’ve all recieved those helpful out-of-office replies when someone is not going to respond to your email for a while.\u00a0 At work, I always like recieving these because then I know I shouldn’t hold my breath waiting for a response for whatever problem I am facing.\u00a0 I would have never thought these could be harmful, but, of course, spammers have found a way to abuse them.<\/p>\n
<\/p>\n
An article<\/a> posted on securitypronews.com describes how a spammer can take advantage of auto-responders.\u00a0 The trick is that the spammer needs to get around security measures that prevent spam.\u00a0 First, the adversary sets up a valid account at a normally-trusted provider.\u00a0 Then they turn on their auto-responder with an out-of-office message that is really their spam.\u00a0 They then send email with a spoofed ‘from’ field ito their newly created account.\u00a0 The auto-responder dutifully replies to the victim’s email message with a spam-filled auto-reply.\u00a0 Since the email came from a legit sender, everything checks out and the email is not filtered out.<\/p>\n In the article,\u00a0a McAfee spokesperson noted that since the replies come from a legitimate sender, with various safe signatures like DKIM, DomainKey or Sender ID in place, they may breeze past typical spam filtering technology.<\/p>\n","protected":false},"excerpt":{"rendered":" We’ve all recieved those helpful out-of-office replies when someone is not going to respond to your email for a while.\u00a0 At work, I always like recieving these because then I know I shouldn’t hold my breath waiting for a response … Continue reading