One of the most effective tactics in use by spammers today is the hijacking/theft of legitimate user’s email accounts for use in furthering spam campaigns.
There are actually four distinct reasons why it is so powerful for spammers to be able to send spam from a previously legitimate user’s email account:
- Once the account is stolen, the spammer’s software can read through the address book, inbox, sent mail and all other folders scraping the email addresses of people the legitimate user has corresponded with in the past. These emails then make excellent targets for sending spam.
- Email from actual AOL, Gmail, Hotmail, Yahoo and other ubiquitous email services are much less likely to be blocked by spam filtering systems.
- Even when a spam filter correctly recognizes that an email is spam, end users often have added such senders to their Allow or White lists, thus forcing delivery from the now compromised account.
- Further, recipients commonly retrieve spam from their filtering system when they recognize the sending address, but don’t realize the sender’s account has been compromised.
When you add it all up, there really is no better method of getting your spam delivered, and then actually opened by the target recipient.