Application security

‘Island-hopping’ spammers bypass servers with tropical domains

Seeing unusual email from Tonga or American Samoa? How about the Isle of Mann or Sao Tome and Principe?

Use of the domain names of small South Pacific islands in website links is the latest tactic spammers are using to bypass email filters, according to researchers at McAfee.

Although spammers generally use top-level domains such as .com or .info, they've turned to those from smaller countries because they're less known to spam filters.

McAfee researchers first noticed a significant increase in use of the domain for Sao Tome and Principe, a small island off Africa's west coast.

Among other small islands favored by spammers are Tokelau, Cocos Islands, Tuvalu, American Samoa, the Isle of Mann, Tonga and Sao Tome and Principe.

Steve Steinhauer, senior product manager at McAfee, told today that many of the spam servers using this technique are not actually located in the countries they pretend to be from.

"I don't think that most spam filters are going to be aware of (these foreign top-level domain names) yet," he said. "(The messages) are nothing terribly out of the ordinary. It's the same Viagra ads, all using top level domains, and the servers are not necessarily located in these countries."

Guy Roberts, senior development manager of McAfee's Anti-Spam Research and Development Team, said in a company release that some islands were discovered to have a suspicious number of domains for their size.

"This new trend is another example of spammers' relentless quest to spread their abuse of internet domains far and wide," he said. "Some of these islands have dozens of spammed domains per square mile."

Click here to email Frank Washkuch Jr.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.