It seems that spammers have a new tactic in their war to get their unwanted... uhhh... content through our spam filters: forged newsletters.
What they're doing is sending messages that look like legitimate newsletters. Nasty. Examples seen so far appear to be from well-known brands such as 1-800-Flowers, Kohl, U.S. Airways, and "a fantasy football league" [Statto the spammer?].
There's no suggestion that the spammers have broken into the sending systems used by these brands. They just seem to be cloning legitimate content and modifying it. In the same way that phishers modify a bank's legitimate transactional messages to link to their own site, these spammers are taking copies of legitimate newsletters and tweaking them to include their spamvertisements.
But why go to all that trouble?
The idea is to take advantage of people's abhorrence of false positives. Spam filters will be carefully programmed, trained, or whitelisted to let legitimate newsletters through. If a spammer can make their spam look like one of these newsletters -- especially a widely-read newsletter -- they can get through the filter and in front of the user's eyes.
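One way a filter can keep a newsletter whitelist from being exploited like this, shown as an added example that is not from the original post: honour the whitelist only when the message is authenticated as the brand, and flag links that leave the brand's own domains. The domains, allowlist and sample messages are constructed, and the `Authentication-Results` header is assumed to be stamped by the receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical allowlist: sender domain -> hosts its real newsletters link to.
ALLOWLIST = {"flowers.example": {"flowers.example", "cdn.flowers.example"}}

def dkim_pass_domains(msg):
    """Domains reported as dkim=pass. Assumes our own MTA wrote the header
    and stripped any Authentication-Results that arrived from outside."""
    found = set()
    for hdr in msg.get_all("Authentication-Results", []):
        hits = re.findall(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", hdr)
        found.update(d.lower() for d in hits)
    return found

def link_hosts(msg):
    """Hostnames of every http(s) link in a single-part HTML body."""
    urls = re.findall(r'href="(https?://[^"]+)"', msg.get_payload())
    return {urlparse(u).hostname for u in urls} - {None}

def classify(raw):
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in ALLOWLIST:
        return "filter-normally"        # not a whitelisted newsletter
    if domain not in dkim_pass_domains(msg):
        return "forged-newsletter"      # brand name in From, no aligned signature
    if link_hosts(msg) - ALLOWLIST[domain]:
        return "off-brand-links"        # authenticated, but links go elsewhere
    return "allow"

# Constructed samples: a genuine newsletter and a clone with swapped links.
GENUINE = (
    "From: Flowers Deals <news@flowers.example>\n"
    "Authentication-Results: mx.local.example; dkim=pass header.d=flowers.example\n"
    "Content-Type: text/html\n\n"
    '<a href="https://flowers.example/sale">Sale</a>\n'
)
CLONE = (
    "From: Flowers Deals <news@flowers.example>\n"
    "Authentication-Results: mx.local.example; dkim=pass header.d=bulk.invalid\n"
    "Content-Type: text/html\n\n"
    '<a href="http://pills.invalid/buy">Sale</a>\n'
)

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("clone", CLONE)):
        print(name, "->", classify(raw))
```

The clone is rejected even though it carries a valid signature, because the signing domain is the sender's own rather than the brand named in the From header.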
I've not seen the test runs in my overflowing spam traps -- credit for discovering the phony newsletters goes to Symantec. I guess it takes a large organization, with 24x7, follow-the-sun labs to really keep on top of new developments in spam tactics. It's the speed of identifying this sort of early indication that separates the men from the boys, as it were.
Update: Symantec sent a picture to illustrate. Wasn't that kind?
- David Utter: Spammers Target Email Newsletters
- Richard M. Georges: New spam trick
- Anick Jesdanun: New spam trick
- Kelly Jackson Higgins: Spam Hidden in Email Newsletters
- Frank Washkuch: Spammers hijacking legit newsletters
- SecGuru/Nov1: Newsletter creators aren't the only ones hoping their products don't get caught in spam filters