Hidden code in e-mail messages is increasingly being
used to track the success of spam e-mail campaigns, according to an
antispam technology company.
MX Logic said that up to 50% of all spam released in the last
year is bugged with so-called "spam beacons" which send a coded
message back to the spammer whenever a spam message is opened,
helping spammers refine their distribution lists and weed out good
e-mail addresses from bad ones.
The beacons, also known as "web bugs", are created with HTML
code embedded in the e-mail. For example, the beacon may be a
URL for an image file stored on a server controlled by the
spammer.
When the e-mail message is opened, the e-mail application
requests the image and also sends along an encoded e-mail address
of the recipient. The spammer's server responds by sending the
image file to be displayed, but it also captures the e-mail address
that was sent in a database of "good" addresses, said Richard
Smith, an independent computer security consultant.
MX Logic analysed millions of spam messages that it processes
for its 1,500 customers each day to study the spam beacon problem,
said Scott Chasin, chief technology officer of MX Logic.
MX Logic's products use heuristic analysis to spot and block
messages containing spam beacons, he said.
The company said renewed awareness of the spam beacon problem is
needed because most e-mail users do not realise that they are being
tracked by spammers. Also, many e-mail providers are not interested
in stopping a "feedback loop" that lets spammers improve their
art.
MX Logic found that spammers are becoming more sophisticated in
hiding the spam beacons from antispam filters, and that spammers
are using the data reported by the beacons to groom their messages
and evade detection.
The databases which collect the beacon data are often hosted on
compromised "zombie" machines, making it difficult to track the
spammer responsible for a particular campaign, Chasin said.
However, other experts played down the danger posed by the spam
beacons.
Microsoft's latest e-mail client, Outlook 2003, automatically
blocks the beacons, as do the company's Hotmail web-based e-mail
service and America Online's e-mail program, Smith said.
In time, improvements in e-mail client technology and actions by
e-mail providers will choke off the spam beacon problem. "I think
you'll see the 'open' rates drop off altogether, or very
dramatically, and spammers will start to wonder 'what are we
measuring here,'" Smith said.
Paul Roberts writes for IDG News Service