Why is it Really So Hard to Tackle Spam?

Written by Paul Cunningham on August 5, 2009

My last post on international spam fighting attracted a comment from reader Andreas Kroll. Andreas asks “Why is it really so hard to tackle spam?”

That is a good question, and one we don’t often stop and think about. The war against spam carries on with each side adjusting to the other’s new techniques with new ways of defeating them. This constant shifting of the landscape makes anti-spam a very fluid, dynamic industry with rapid technology changes. Of course, the regular person using their computer for email and internet access is probably wondering what all of the clever people at the anti-spam companies are really doing about it.

Let’s take Andreas’ comment for example.

“Spam in itself is the repeated sending of (nearly) identical messages to a lot of people.”

This would be true if all spam messages were created equally. I’m sure we’re all familiar with viagra spam, or Nigerian 419 spam, or lottery spam, but if you sat and looked at 10 viagra spam emails in your Junk email folder you won’t find two that are the same. Spammers will simply use an email template with a series of variable portions, and run scripts to insert a variety of values into those fields. A short spam email with just 10 fields, each with 10 possible values, means 10,000,000,000 unique spam emails can be produced.

Spammers’ Most Lethal Weapon

Written by Carl E. Reid on May 12, 2009

This is a real case study, which happened over the last couple of weeks at a client site. During this time the client email administration team had been experiencing various problems with their LISTSERV. First, let’s cover a few technical details. This will lay a foundation as to why backscatter is the most dangerous tool in a spammer’s arsenal of weapons.

Spammers like to put fake information in email messages. This sneaks them past email filters. Since email spam filters now just delete messages that come from non-existent domains, the spammers are very slick about making their messages look like they’re coming from real email addresses. If your corporate e-mail addresses have been published anywhere on the Internet, you and your coworkers are prime candidates for backscatter.


Protecting Yourself and Others from Backscatter Spam with Exchange Server 2007

Written by Paul Cunningham on April 29, 2009

Most of the articles you’ll read on a blog such as this will describe how to protect yourself from certain types of spam. Most of the articles I’ve written so far do exactly that. Today I’m going to add another dimension to my post and discuss how to protect both yourself and others from “backscatter” spam.

What is Backscatter Spam?

The term “backscatter spam” refers to a spam attack that targets non-existent email addresses and causes email “bounce” messages to be sent to innocent parties.  The “bounce” messages are known as Non-Delivery Reports (NDRs) and are sent by an email server to let the sender know that the message was not delivered.

NDRs are a normal and useful part of the SMTP protocol. However, when NDRs were first envisaged, the concept of address spoofing was not considered. Address spoofing is when a spammer forges the “From” address on a piece of spam they are sending. This is how backscatter affects innocent parties – even though they didn’t send the spam, they receive the NDR because their email address was forged by the spammer.


NDR Spam and You

Written by Sue Walsh on July 2, 2008

GFI has released a white paper examining NDR spam. NDRs (Non Delivery Reports) are simply the “bounce back” message a sender gets when their email is rejected by the recipient’s mail server. This usually happens if the address is invalid or the sender has been added to a blacklist. Spammers can wreak havoc with NDRs when they send thousands of spam messages to a domain using an alphabet attack. The flood of NDRs that result consume bandwidth and resources, slowing servers down. Spammers have another trick up their sleeves as well. They forge the From: field using a legitimate address, and this results in people getting NDRs for messages they never sent, with the spam conveniently attached, of course!

In extreme cases this can act like a DDoS attack and cripple a server. If you maintain a server responsible for sending this backscatter, you may find your domain blacklisted, causing headaches for your users. What’s the solution? If your server is on the receiving end, turning off any catch-all addresses is a smart move. On the other end? Configure your server to reject during the SMTP transmission. Another way to fight backscatter is with an anti-spam solution that detects spam in NDRs and deletes them from the server. One of these is the award winning MailEssentials program by GFI. It’s the number 1 anti-spam filter on the market. To learn more, read GFI’s NDR spam white paper and make an informed decision for your business.

Google Mail Servers Allowing Backscatter

Written by Sue Walsh on April 25, 2008

According to Slashdot, Google’s mail servers appear to be responsible for sending large amounts of backscatter. They don’t perform any recipient validation for the googlegroups and blogger.com domains (and presumably their other domains as well), allowing spammers to launch large-scale dictionary attacks against them using forged headers and envelope sender addresses. This results in the owners of those forged addresses getting huge amounts of bounce messages when the spam hits non-existent users on Google’s domains. Most correctly set up mail servers don’t generate such bounce messages. Tell that to Google’s mail server! Botnets love mail servers like this and will go to town on them, commencing an unrelenting barrage of spam.

Most ISPs won’t hesitate to place a block on any IP that receives complaints of backscatter, and that can cause big headaches for innocent people. There are even reports of businesses having entire mail servers wiped out due to backscatter.

What Google should be doing is rejecting traffic to bogus users during the SMTP transaction. Several techniques can be used to do this:

  • Recipient validation
  • Reject senders on dynamic black lists
  • Reject email from sending servers that do not have a reverse DNS entry
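The mechanics laid out in the NDR post above (alphabet attack, catch-all addresses, rejecting during the SMTP transaction) and the recipient-validation item in this list, as an added simulation that is not part of the original posts or of any vendor’s product: the receiving domain, the mailbox directory and the attack pattern are all constructed, and the model deliberately ignores sender blacklists and reverse DNS to isolate the effect of recipient validation.

```python
import itertools
import string

DOMAIN = "example.com"              # constructed receiving domain
VALID_USERS = {"hr", "it", "pr"}    # constructed directory of real mailboxes


def rcpt_to_reply(recipient, validate_at_rcpt=True, catch_all=False):
    """SMTP reply the receiving server gives to RCPT TO:<recipient>.

    With recipient validation and no catch-all, an unknown mailbox is refused
    while the sending host is still connected, so no NDR is ever created.
    A catch-all makes every local part "valid", which defeats the check.
    """
    local, _, domain = recipient.partition("@")
    exists = domain == DOMAIN and local in VALID_USERS
    if validate_at_rcpt and not catch_all and not exists:
        return "550 5.1.1 User unknown"
    return "250 2.1.5 Recipient OK"


def alphabet_attack(length=2):
    """Constructed alphabet attack: every lowercase local part of the given length."""
    for letters in itertools.product(string.ascii_lowercase, repeat=length):
        yield "".join(letters) + "@" + DOMAIN


def simulate(recipients, validate_at_rcpt, catch_all=False):
    """Count what happens to each RCPT TO and how many NDRs reach the forged sender."""
    stats = {"accepted": 0, "rejected_550": 0,
             "ndrs_to_forged_sender": 0, "catch_all_deliveries": 0}
    for rcpt in recipients:
        if rcpt_to_reply(rcpt, validate_at_rcpt, catch_all).startswith("550"):
            stats["rejected_550"] += 1          # refused in-session: nothing to bounce
            continue
        stats["accepted"] += 1
        if rcpt.split("@")[0] in VALID_USERS:
            continue                            # real mailbox, normal delivery
        if catch_all:
            stats["catch_all_deliveries"] += 1  # junk lands in the catch-all mailbox
        else:
            stats["ndrs_to_forged_sender"] += 1  # accepted, then bounced: backscatter
    return stats


if __name__ == "__main__":
    for name, kw in [("accept-then-bounce", dict(validate_at_rcpt=False)),
                     ("reject at RCPT TO", dict(validate_at_rcpt=True)),
                     ("catch-all enabled", dict(validate_at_rcpt=True, catch_all=True))]:
        print(f"{name:>20}: {simulate(alphabet_attack(), **kw)}")
```

Running it shows the accept-then-bounce server turning 673 of 676 probes into NDRs addressed to whatever the spammer forged as the envelope sender, while the validating server refuses the same 673 in-session and sends nothing.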

Unfortunately Google is doing none of them. Slashdot also reports that emails sent to abuse@google.com and postmaster@google.com went unanswered except for a canned response that didn’t address the situation.

It’s very surprising that Google, whose Gmail program has been widely praised for its spam controls, would have such badly misconfigured mail servers. Ironically, those same spam controls have reportedly been blacklisting Google itself. According to an article on newswireless.net, Gmail placed a user’s Google Alerts in his spam folder. Ah, that wacky Google!

For more information, the website DontBounceSpam.org has an extensive list of resources and tips for server admins and end users on how to fight backscatter and reduce overall spam.