Posted July 2nd, 2008 by Sue Walsh
GFI has released a white paper examining NDR spam. NDRs (Non-Delivery Reports) are simply the “bounce back” message a sender gets when their email is rejected by the recipient’s mail server. This usually happens if the address is invalid or the sender’s address has been added to a blacklist. Spammers can wreak havoc with NDRs when they send thousands of spam messages to a domain using an alphabet attack. The flood of NDRs that results consumes bandwidth and resources, slowing servers down. Spammers have another trick up their sleeves as well. They forge the From: field using a legit address, and this results in people getting NDRs for messages they never sent, with the spam conveniently attached, of course!
In extreme cases this can act like a DDoS attack and cripple a server. If you maintain a server responsible for sending this backscatter, you may find your domain blacklisted, causing headaches for your users. What’s the solution? If your server is on the receiving end, turning off any catch-all addresses is a smart move. On the other end? Configure your server to reject during the SMTP transaction, so the bounce is never generated in the first place. Another way to fight backscatter is with an anti-spam solution that detects spam in NDRs and deletes them from the server. One of these is the award-winning MailEssentials program by GFI. It’s the number 1 anti-spam filter on the market. To learn more, read GFI’s NDR spam white paper and make an informed decision for your business.
Posted April 25th, 2008 by Sue Walsh
According to Slashdot, Google’s mail servers appear to be responsible for sending large amounts of backscatter. They don’t perform any recipient validation for the googlegroups and blogger.com domains (and presumably their other domains as well), allowing spammers to launch large-scale dictionary attacks against them using forged headers and envelope sender addresses. This results in the owners of those forged addresses getting huge amounts of bounce messages when the spam hits non-existent users on Google’s domains. Most correctly set up mail servers don’t generate such bounce messages. Tell that to Google’s mail server! Botnets love mail servers like this and will go to town on them, commencing an unrelenting barrage of spam.
Most ISPs won’t hesitate to place a block on any IP that receives complaints of backscatter, and that can cause big headaches for innocent people. There are even reports of businesses having entire mail servers wiped out due to backscatter.
What Google should be doing is rejecting traffic to bogus users during the SMTP transaction. Several techniques can be used to do this:
- Recipient validation
- Reject senders on dynamic black lists
- Reject email from sending servers that do not have a reverse DNS entry
Unfortunately Google is doing none of them. Slashdot also reports that emails sent to abuse@google.com and postmaster@google.com went unanswered except for a canned response that didn’t address the situation.
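To make concrete why "reject during the SMTP transaction" (from the GFI post above) and the three techniques just listed stop backscatter, here is a small added example that is not part of either post, GFI's white paper or any real mail server. It simulates one inbound SMTP session under two policies: a server that answers 5xx for unknown recipients, blocklisted clients and hosts without reverse DNS while the sender is still connected, and a catch-all server that says 250 to everything and then has to mail an NDR to the (forged) envelope sender. The mailbox list, blocklist, PTR table and sample traffic are all constructed for the demonstration.

```python
# Added example: toy model of an inbound SMTP exchange. Rejecting during the
# transaction leaves the failure with the sending side, so no NDR is ever
# created; an accept-everything (catch-all) server has to bounce afterwards,
# and that bounce goes to whatever envelope sender the spammer forged.
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample data; a real server consults its user directory, a DNSBL
# and a live PTR lookup instead of these tables.
LOCAL_DOMAIN = "example.com"
KNOWN_MAILBOXES = {"alice", "bob"}
DYNAMIC_BLOCKLIST = {"198.51.100.7"}
PTR_RECORDS = {"203.0.113.5": "mx1.example.net"}  # client IP -> reverse DNS name


@dataclass
class Outcome:
    transcript: List[str]   # the simulated client/server dialogue
    accepted: bool          # did the server take responsibility for the message?
    ndrs_generated: int     # bounce messages this server sent to the envelope sender


def reverse_dns(ip: str) -> Optional[str]:
    """Simulated PTR lookup against the constructed table."""
    return PTR_RECORDS.get(ip)


def is_local_mailbox(rcpt: str) -> bool:
    """Recipient validation: does this address exist on our domain?"""
    local, _, domain = rcpt.partition("@")
    return domain == LOCAL_DOMAIN and local in KNOWN_MAILBOXES


def run_session(client_ip: str, mail_from: str, rcpt_to: str,
                reject_at_smtp: bool = True) -> Outcome:
    """Drive one minimal SMTP session for a single recipient.

    reject_at_smtp=True  -> recipient validation, dynamic blocklist and reverse
                            DNS checks answer with a 5xx reply inside the
                            transaction; nothing is queued, so nothing bounces.
    reject_at_smtp=False -> catch-all behaviour: everything gets 250, and mail
                            for a non-existent user is bounced afterwards.
    """
    t = ["S: 220 mx.example.com ESMTP", "C: EHLO client.example.net"]
    if reject_at_smtp:
        if client_ip in DYNAMIC_BLOCKLIST:
            t.append("S: 554 5.7.1 Service unavailable; client host blocked")
            return Outcome(t, False, 0)
        if reverse_dns(client_ip) is None:
            t.append("S: 550 5.7.25 Client host rejected: no reverse DNS entry")
            return Outcome(t, False, 0)
    t += ["S: 250 mx.example.com", f"C: MAIL FROM:<{mail_from}>",
          "S: 250 2.1.0 Ok", f"C: RCPT TO:<{rcpt_to}>"]
    if reject_at_smtp and not is_local_mailbox(rcpt_to):
        t.append("S: 550 5.1.1 Recipient address rejected: User unknown")
        return Outcome(t, False, 0)
    t += ["S: 250 2.1.5 Ok", "C: DATA", "S: 354 End data with <CR><LF>.<CR><LF>",
          "C: (message body) .", "S: 250 2.0.0 Ok: queued"]
    if is_local_mailbox(rcpt_to):
        return Outcome(t, True, 0)
    # The catch-all accepted a message for nobody: the only way left to report
    # the failure is an NDR to mail_from, which is exactly the backscatter.
    t.append(f"[local delivery fails -> NDR sent to <{mail_from}>]")
    return Outcome(t, True, 1)


def compare_policies(messages: List[Tuple[str, str, str]]) -> dict:
    """Run the same inbound traffic through both policies and total the NDRs."""
    result = {}
    for name, flag in (("reject_at_smtp", True), ("catch_all", False)):
        outcomes = [run_session(ip, frm, to, flag) for ip, frm, to in messages]
        result[name] = {"accepted": sum(o.accepted for o in outcomes),
                        "ndrs": sum(o.ndrs_generated for o in outcomes)}
    return result


# Constructed traffic: one legitimate message, two with a forged sender aimed
# at users that do not exist, one from a blocklisted host.
SAMPLE_TRAFFIC = [
    ("203.0.113.5", "friend@example.net", "alice@example.com"),
    ("203.0.113.5", "victim@example.org", "zzz@example.com"),
    ("198.51.100.7", "victim@example.org", "bob@example.com"),
    ("192.0.2.9", "victim@example.org", "qqq@example.com"),
]

if __name__ == "__main__":
    for line in run_session(*SAMPLE_TRAFFIC[1]).transcript:
        print(line)
    print(compare_policies(SAMPLE_TRAFFIC))
```

Running the sample traffic through both policies gives zero NDRs for the rejecting server and one NDR per unknown-recipient message for the catch-all server, each addressed to the forged victim@example.org. The point is the timing of the decision, not the strictness: both servers refuse to deliver to zzz and qqq, but only the catch-all turns that refusal into outbound mail the victim has to absorb.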
It’s very surprising that Google, whose Gmail program has been widely praised for its spam controls, would have such badly misconfigured mail servers. Ironically, those same spam controls have reportedly been blacklisting Google themselves. According to an article on newswireless.net, Gmail placed a user’s Google Alerts in his spam folder. Ah that wacky Google!
For more information, the website DontBounceSpam.org has an extensive list of resources and tips for server admins and end users on how to fight backscatter and reduce overall spam.