An email service has been set up to allow suspicious emails to be sent in order to ‘disrupt fraudsters'.
Set up by Action Fraud, recipients of scam emails are encouraged to forward them on to firstname.lastname@example.org. Action Fraud said that emails received will be forwarded to the National Fraud Intelligence Bureau run by the City of London Police for collation and analysis, enabling intelligence to be gathered and preventative action to be taken.
The service was welcomed by Paul O Baccas, senior threat researcher at SophosLabs UK, who said he personally applauded the motives of the agency but questioned the effectiveness of the initiative.
He said: “It's all very well that the National Fraud Authority's Action Fraud website wants to be sent your scam emails, but has it provided members of the public with sensible instructions on how to send them in?
“Plain forwarding of an email is ‘lossy', in other words you lose important information that can be helpful in determining who may be behind the scam, or how it is being run. Specifically, full email headers are not normally included when you forward an email message.
“This is an issue we know only too well about here at Sophos. Because relevant information can often be lost through the act of simple forwarding an email, the team at SophosLabs asks customers to send us email samples as RFC-2822 attachments. This retains the header information and means that the underlying characteristics of the message are not mangled in forwarding.”
However problems with the service, including reports of messages being bounced back, have hampered it. Action Fraud acknowledged the issue with a statement, which said: “Got an email bounce back? We have still received the scam emails you forward to us even if you get a bounce back message. The bounce back message just means the email has gone into a holding area for spam, which is then released and received by us as usual. You therefore do not need to contact us again once you have forwarded your scam emails.”
As an experiment, SC Magazine took a typical spam message delivered to a webmail address that claimed to be from PayPal encouraging the recipient to verify their account ‘due to a policy update'. We sent it to the address and a minute later a failed delivery status notification arrived.
Comments on the Sophos website echoed this. One person said that they had three messages that all bounced back, while another also forwarded three spam emails that were bounced and returned undelivered with an automated response that read: 'Your email was detected as spam'.