Snowshoe Spamming Emerges as Threat to Email Security

27 December 2012

Unwanted email is an age-old online nuisance, but spammers are continually evolving their strategies and techniques in effort to remain one step ahead of antispam programs and email filters. One of the newest developments is snowshoe spamming, a technique that uses multiple IP addresses to send spam, in order to avoid detection by spam filters.

By sending email from many IP addresses, spammers spread out the load, thus the snowshoe metaphor. Frequently, criminals sell lists of email addresses to unsuspecting companies telling them these addresses have opted into receiving all types of advertising. Although it should be a clear signal that something is fishy, well-known companies have purchased these lists from spammers.

Snowshoe spamming is now one of the biggest spam problems. The issue has exploded over the past two years and will continue to increase sharply due to lack of exposure by law enforcement authorities and threats of lawsuits by companies using the illegal email lists.

The phenomenon is characterized by the following:

  • Spammers blast out millions and millions of blatantly illegal spam messages every day from newly rented hosts until they get evicted from their subnetworks or move on.
  • Recipients have their inboxes bombarded with these spam messages and are unable to opt out of them because they are not sent from a legitimate source.
  • The result of snowshoe spamming is permanently blacklisted addresses and sometimes subnetworks.
  • Because spamming is seen as simply annoying rather than malicious, authorities have largely ignored this problem, despite the growing volumes of unwanted email originating from these sources. Companies using these shady marketers have threated to file defamation lawsuits when researchers have tried to expose this activity.

McAfee Labs researchers will continue to track spam volumes, the spread of showshoe-spamming enterprises, and how corporations and authorities react to the growing email security threat.