GCN Tech Blog

By GCN Staff

Blog archive

The next big spam threat?

Imagine for a minute you're a spammer. You're getting ready to launch a multi-million-message spam campaign. It doesn't matter where you got your e-mail addresses, you know a chunk of them will be no good. Those e-mail messages are going to bounce back--and you don't want them bouncing back in your direction. So you substitute other, legitimate return addresses. One of the return addresses you use is "Info@AFedAgency.gov."

Now imagine you're working IT for AFedAgency. Spammers who spoof return addresses used to rotate several of them through their messages. They don't always do that anymore. The spammer about to press Send on his multi-million-message campaign spoofed just one return address: "Info@AFedAgency.gov." That spammer's not necessarily out to get you (he just wants his Viagra message seen by as many people as possible), but when his spam starts bouncing back from outdated or illegitimate addresses, it's coming your way.

These spam messages are known as misdirected bounces. And officials from IronPort Systems Inc. expect them to be a growing problem for government agencies--if they aren't already. IronPort makes reputation filter-based e-mail security appliances used by several government agencies, including the FDA.

IronPort's Ambika Gadre and Tom Gillis described for GCN today a report the company is finishing that analyzes the extent of misdirected bounces. By the company's estimates, 11 percent of e-mail traffic today comprises these lost spam messages seeking a return address home. If home is within your agency's domain, you could be looking at a form of denial of service attack. IronPort's federal manager Tom Topping calls it "a fully distributed DOS attack" because it could come from so many different addresses at once, including very legit-looking ones, such as those of your contractors or other partners.

IronPort's C-Series of mail appliances now includes something called Secure Bouncing, which helps prevent misdirected bounces. The company introduced the capability about three months ago, Gillis said. It can sense a flood of misdirected bounces and, for instance, temporarily shut down the Info@AFedAgency.gov address.

Keep in mind, technology like this could help protect your inbound e-mail stream, but if misdirected bounces grow into the kind of problem IronPort thinks it will, you're outbound e-mail stream could stand a good scrubbing. You don't want to end up on blacklists.

Posted by Brad Grimes

Posted by Brad Grimes, Joab Jackson on Mar 24, 2006 at 9:39 AM


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.