Hidden code in e-mail messages is increasingly being used to track the success of spam, anti-spam company MX Logic has warned.
The company has found that up to 50 percent of all spam released in the last year was bugged with so-called "spam beacons" that send a coded message back to the spammer whenever a message is opened, helping spammers refine their distribution lists and weed out good e-mail addresses from bad ones.
The beacons, also known as "Web bugs", are created with HTML code embedded in the e-mail. For example, the beacon may be a URL for an image file that is stored on a server controlled by the spammer. When the e-mail message is opened, the e-mail application requests the image and also sends along an encoded e-mail address of the recipient.
The spammer's server responds by sending the image file to be displayed, but it also captures the e-mail address that was sent in a database of "good" addresses, said Richard Smith, an independent computer security consultant. Since most e-mail programs accept and read e-mail messages written with HTML, the method is surprisingly effective.
MX Logic analysed millions of spam messages to study the spam beacon problem, said Scott Chasin, chief technology officer of MX Logic. The company said renewed awareness of the spam beacon problem is needed because most e-mail users don't realise that they are being tracked by spammers. Also, many e-mail providers are not interested in stopping a "feedback loop" that lets spammers improve their art.
MX Logic found spammers are becoming more sophisticated in hiding the spam beacons from anti-spam filters, and that spammers are using the data reported by the beacons to groom their messages and evade detection, Chasin said. The databases that collect the beacon data are often hosted on compromised "zombie" machines, making it difficult to track the spammer responsible for a particular campaign, he said.
But other experts downplayed the danger posed by the spam beacons. Microsoft's latest e-mail client, Outlook 2003, automatically blocks the beacons, as does its Hotmail Web-based e-mail service and AOL's e-mail program, Smith said.
In time, improvements in e-mail client technology and actions by e-mail providers will choke off the spam beacon problem, he said. "I think you'll see the 'open' rates drop off altogether, or very dramatically, and spammers will start to wonder 'what are we measuring here'," Smith said.
Others doubt that spammers are really interested in tracking the success of their e-mail campaigns. "I've never seen much evidence that spammers care about deliverability," said John Levine of the Internet Research Task Force's Anti-Spam Research Group. "I believe that spammers have the Web bugs. I don't really know what they'd do with the collected data."