• Spam email from legitimate business email servers

    There’s a new trick to send spam: using legitimate business email services. Just a few days ago, I received an email from Honeywell. It was spam.

    I checked the sender address and the sending domain. It seemed to be sent from Honeywell indeed. So I wondered why Honeywell would spam me with something that’s completely irrelevant to its business. After some research I realized that the spammers used Honeywell’s online forms to send out the spamming emails.

    Here is how it works.

    First, the spammer finds a web page that Honeywell uses to sign up users who are interested in receiving communication from Honeywell. Then they enter spamming info into the form and submit it.

    For example, if the form is filled out like this:

    You’d receive an email from Honeywell like this:

    Of course, the spammers won’t be so polite to enter just “I am spamming” as the first name. They’ll enter the full spam message there. And you’ll receive the whole spam message in the beginning of Honeywell’s sign up confirmation to you.

    Honeywell is by no means the only company that can be exploited to send out spam. Here’s a spam email I received from Quora several days back (where I blacked out the spam message):

    There doesn’t seem to be a way to block these spam emails since they were sent out from legitimate domains. Hopefully companies will take the necessary steps to block this technique.

Leave a Reply