25/07-08   -   Press releases

Spammers Grab a “Pass" into your Inbox

Spammers crack CAPTCHAs to steal free e-mail providers´ reputations

Roaring Penguin Software Inc. analyzed three weeks worth of data collected via its RPTN data-collection system and revealed a worrying trend: Spammers are increasingly using free e-mail providers to avoid IP address-based reputation systems. These systems track mail sent by various IP addresses and assign each IP address a rating. Some anti-spam software operates largely or exclusively on the basis of the IP address rating.

Roaring Penguin´s data shows that over the three weeks from June 13 to July 3, 2008, the percentage of US-originated spam originating from the top 3 free e-mail providers (Yahoo, Google and Hotmail) rose from about 2% to almost 4%. We believe that spammers are using Google´s service in particular to send spam, relying on the fact that blacklisting Google´s servers is impractical for most organizations. According to our data, the probability that an e-mail originating from a Google server is spam rose from 6.8% on June 13 to a whopping 27% on July 3.
A CAPTCHA is a test designed to tell humans apart from computers. It typically involves typing a word seen in an image or heard on an audio recording. CAPTCHAs are designed to prevent automated creation of e-mail accounts.

David Skoll, CTO of Roaring Penguin Software, said: “The effectiveness of IP address-based reputation systems has increased the market value of a good IP address, making spam gangs concentrate their development efforts on breaking CAPTCHAs to create free e-mail addresses from which to spam. We predict a gradual but long-term decline in the effectiveness of IP address reputation systems."
Roaring Penguin Software´s anti-spam Software relies on a variety of techniques to detect spam including keyword search, header analysis, message format analysis, Bayesian statistical analysis, blacklists, whitelists, greylisting, open proxy lists, DNS verification, content-filtering rules, sender policy framework (SPF), custom rules and more. By not relying on IP address reputation exclusively, Roaring Penguin has been able to retain its 98 % + effectiveness in detecting spam.

About Roaring Penguin
Founded in 1999, Roaring Penguin Software Inc., specializes in e-mail filtering. The company focuses on fighting spam at the mail server, with the acclaimed CanIt and MIMEDefang product lines. Today, Roaring Penguin´s anti-spam products are used by customers that include enterprises, ISPs, campuses, web hosts, and government offices.