With the holidays upon us, you can expect a flood of e-greeting cards from folks wishing you a happy holiday. Typically, these will be small e-mail messages that offer a link to a colorful, animated greeting card stored on a server. It’s a cute idea. But for systems security’s sake, do not let users hit that link!

The idea started out innocently enough: Let people design their own greeting cards. This was completely innocuous because they did not send large files directly to recipients. Unfortunately, spammers have found a way to abuse this idea. They typically enter your address information by hand, inserting an advertisement in place of the holiday greeting. This year, the situation will get much worse. A flood of these fake greeting cards now originates from legitimate greeting card servers, and there are some scripts floating around that automate the address entering process. Spammers can loop through a massive mailing list, and each recipient gets what looks like a sweet greeting card from some well-wisher. What they actually receive is more spam.

What can you do?
For one view on the growing dangers of spam, check out the home site of the Mail Abuse Prevention System (MAPS). This group works to identify ISPs that cater to spammers. If you configure your own set of e-mail filters, you should check the MAPS Realtime Blackhole List (RBL) periodically. Here, the organization lists ISPs that are widely known spam sources and that have declined requests to block such traffic. MAPS filtering lets you selectively block e-mails from servers. It’s already built into some major mail products, including:

Have a comment?

If you’d like to share your opinion, start a discussion below or send the editor an e-mail.