Home / Blogs

How to Steal Reputation

The term “reputation hijacking” continues to spread through the anti-spam community and the press. It’s intended to describe when a spammer or other bad actor uses someone else’s system—usually one of the large webmail providers—to send their spam. The idea is that in doing so, they’re hijacking the reputation of the webmail provider’s IPs instead of risking the reputation of IPs under their own control. But I really have to laugh (though mostly out of sadness) whenever this technique is described as something new.

The first spam I dealt with, way back in the mid-nineties, was sent by a user on a shell server. So was nearly all of the other spam of that era. Some was sent via Compuserve, AOL, Prodigy, etc., but it was all from what today we’d call an individual end user’s email account.

Then some of the spammers realized they could get dedicated servers—and that worked for a while. The community responded by swapping lists of IP addresses to block, eventually leading to the MAPS RBL and other fairly slow IP blacklists, and the whole battle became whether the spammers could move to new IPs before they got caught. That’s what drove them to botnets in the first place.

But in the meantime, the spammers didn’t stop sending through Hotmail and Yahoo! and other online services—particularly the people who send the advance-fee fraud scams from illusory African governments. Outbound spam was a big and growing problem when I was at Hotmail from 2001 to 2004, and it was even bigger and growing even faster when I was at Yahoo! from 2004 to 2007. Most of the methods these companies and others have used to try to reduce the amount of spam sent by their users is hidden in the background; the most visible response is the “CAPTCHA” image, that series of letters and numbers which you have to type to prove that you’re a human. It has become a common refrain that “CAPTCHA is broken and useless,” but you can’t even imagine how much spam would get through if simple techniques like CAPTCHA weren’t used any more. (Though, to be fair, many CAPTCHA implementations are trivially easy to break.)

Even though the services being abused have changed over time, and the scale has increased, and the rate of change is measured in hours rather than weeks, the core problem described by that silly term “reputation hijacking” is still the same as it was fifteen years ago: the spammers are using other peoples’ servers and reputation when sending spam, and those other people are trying to stop them.

(This article was originally published by Return Path)

By J.D. Falk, Internet Standards and Governance

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign


Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC


Sponsored byDNIB.com