Company warns of bugged spam messages

Hidden code in e-mail messages is increasingly being used to track the success of spam e-mail campaigns, according to an antispam...

Hidden code in e-mail messages is increasingly being used to track the success of spam e-mail campaigns, according to an antispam technology company.

MX Logic said that up to 50% of all spam released in the last year is bugged with so-called "spam beacons" which send a coded message back to the spammer whenever a spam message is opened, helping spammers refine their distribution lists and weed out good e-mail addresses from bad ones.

The beacons, also known as "web bugs", are created with HTML code embedded in the e-mail. For example, the beacon may be a URL for an image file stored on a server controlled by the spammer.

When the e-mail message is opened, the e-mail application requests the image and also sends along an encoded e-mail address of the recipient. The spammer's server responds by sending the image file to be displayed, but it also captures the e-mail address that was sent in a database of "good" addresses, said Richard Smith, an independent computer security consultant.

MX Logic analysed millions of spam messages that it processes for its 1,500 customers each day to study the spam beacon problem, said Scott Chasin, chief technology officer of MX Logic.

MX Logic's products use heuristic analysis to spot and block messages containing spam beacons, he said.

The company said renewed awareness of the spam beacon problem is needed because most e-mail users do not realise that they are being tracked by spammers. Also, many e-mail providers are not interested in stopping a "feedback loop" that lets spammers improve their art.

MX Logic found that spammers are becoming more sophisticated in hiding the spam beacons from antispam filters, and that spammers are using the data reported by the beacons to groom their messages and evade detection. 

The databases which collect the beacon data are often hosted on compromised "zombie" machines, making it difficult to track the spammer responsible for a particular campaign, Chasin said.

However, other experts played down the danger posed by the spam beacons.

Microsoft's latest e-mail client, Outlook 2003, automatically blocks the beacons, as do the company's Hotmail web-based e-mail service and America Online's e-mail program, Smith said.

In time, improvements in e-mail client technology and actions by e-mail providers will choke off the spam beacon problem. "I think you'll see the 'open' rates drop off altogether, or very dramatically, and spammers will start to wonder 'what are we measuring here,'" Smith said.

Paul Roberts writes for IDG News Service

Read more on IT risk management