How to Steal Reputation

J.D. Falk

The term "reputation hijacking" continues to spread through the anti-spam community and the press. It's intended to describe when a spammer or other bad actor uses someone else's system — usually one of the large webmail providers — to send their spam. The idea is that in doing so, they're hijacking the reputation of the webmail provider's IPs instead of risking the reputation of IPs under their own control. But I really have to laugh (though mostly out of sadness) whenever this technique is described as something new.

The first spam I dealt with, way back in the mid-nineties, was sent by a user on a shell server. So was nearly all of the other spam of that era. Some was sent via Compuserve, AOL, Prodigy, etc., but it was all from what today we'd call an individual end user's email account.

Then some of the spammers realized they could get dedicated servers — and that worked for a while. The community responded by swapping lists of IP addresses to block, eventually leading to the MAPS RBL and other fairly slow IP blacklists, and the whole battle became whether the spammers could move to new IPs before they got caught. That's what drove them to botnets in the first place.

But in the meantime, the spammers didn't stop sending through Hotmail and Yahoo! and other online services — particularly the people who send the advance-fee fraud scams from illusory African governments. Outbound spam was a big and growing problem when I was at Hotmail from 2001 to 2004, and it was even bigger and growing even faster when I was at Yahoo! from 2004 to 2007. Most of the methods these companies and others have used to try to reduce the amount of spam sent by their users are hidden in the background; the most visible response is the "CAPTCHA" image, that series of letters and numbers which you have to type to prove that you're a human. It has become a common refrain that "CAPTCHA is broken and useless," but you can't even imagine how much spam would get through if simple techniques like CAPTCHA weren't used any more. (Though, to be fair, many CAPTCHA implementations are trivially easy to break.)

Even though the services being abused have changed over time, and the scale has increased, and the rate of change is measured in hours rather than weeks, the core problem described by that silly term "reputation hijacking" is still the same as it was fifteen years ago: the spammers are using other people's servers and reputation when sending spam, and those other people are trying to stop them.

(This article was originally published by Return Path)

By J.D. Falk, Internet Standards and Governance