Written by Sue Walsh on September 17, 2009
A new report has found that non-delivery receipt spam is rising dramatically. In August the amount of such spam rose a whopping 2000% over levels from January to June, and it’s responsible for 20% of all global spam sent.
The spam messages look exactly like traditional bounce-back messages, except that the person receiving them never actually sent the message they are being told couldn’t be delivered. The spam itself is contained in the attachment that comes along with the fake error message. The spammer is counting on people being curious or alarmed enough to open it to see what they supposedly sent.
According to the report, “there is presently no consensus on whether NDRs are a technique to evade anti-spam filters or a collateral effect of dictionary attacks; either way, this technique is now among the most widely used. These waves of spam are usually generated through botnets (infected PCs controlled by attackers to launch spam, etc.). Since most NDRs are legitimate emails and part of the mail server functionality, many traditional anti-spam techniques did not detect or block them up until now.”
So far this kind of spam hasn’t been found to be carrying malware, but the fake messages can give less tech-savvy individuals the impression that their email account has been compromised. Email spoofing, another technique often used by spammers, also generates non-delivery messages, but these are real bounces: they come from the servers that received spam with a spoofed header addressed to invalid addresses.
Experts say spammers have turned to non-delivery receipt spam because error messages are not commonly blocked by spam filters or blacklists.
Written by Sue Walsh on July 2, 2008
GFI has released a white paper examining NDR spam. NDRs (Non Delivery Reports) are simply the “bounce back” messages a sender gets when their email is rejected by the recipient’s mail server. This usually happens if the address is invalid or the sender has been added to a blacklist. Spammers can wreak havoc with NDRs when they send thousands of spam messages to a domain using an alphabet attack. The resulting flood of NDRs consumes bandwidth and resources, slowing servers down. Spammers have another trick up their sleeves as well. They forge the From: field using a legit address, and this results in people getting NDRs for messages they never sent, with the spam conveniently attached, of course!
In extreme cases this can act like a DDoS attack and cripple a server. If you maintain a server responsible for sending this backscatter, you may find your domain blacklisted, causing headaches for your users. What’s the solution? If your server is on the receiving end, turning off any catch-all addresses is a smart move. On the other end? Configure your server to reject during SMTP transmission, so that it never has to generate a bounce message after the fact. Another way to fight backscatter is with an anti-spam solution that detects spam in NDRs and deletes them from the server. One of these is the award-winning MailEssentials program by GFI. It’s the number 1 anti-spam filter on the market. To learn more, read GFI’s NDR spam white paper and make an informed decision for your business.
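One way a filter can tell a genuine bounce from NDR spam is to check whether the message returned inside the NDR was ever sent by your own server. The sketch below is an added example, not code from GFI or from the report; the outbound Message-ID log (`SENT_IDS`), the hostnames and the sample NDR are all constructed assumptions.

```python
from email import message_from_string

# Constructed log of Message-IDs this server really sent (assumed to exist).
SENT_IDS = {"<20090917.1234@example.org>"}

# Constructed sample NDR; {mid} is the Message-ID of the returned original.
NDR_TEMPLATE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Your message could not be delivered.
--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.net
Status: 5.1.1
--b1
Content-Type: message/rfc822

From: alice@example.org
Message-ID: {mid}

body
--b1--
"""

def embedded_original(msg):
    """Return the original message (or just its headers) carried in an NDR."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return message_from_string(part.get_payload())
    return None

def classify_ndr(raw, sent_ids=SENT_IDS):
    msg = message_from_string(raw)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return "not-ndr"
    orig = embedded_original(msg)
    if orig is None:
        return "unverifiable"  # nothing to check against the sent log
    mid = (orig.get("Message-ID") or "").strip()
    return "genuine-bounce" if mid in sent_ids else "backscatter"
```

Bounces that are plain text rather than `multipart/report` come back as `not-ndr` here and need a separate heuristic.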