GCN Tech Blog

By GCN Staff


The next big spam threat?

Imagine for a minute you're a spammer. You're getting ready to launch a multi-million-message spam campaign. It doesn't matter where you got your e-mail addresses, you know a chunk of them will be no good. Those e-mail messages are going to bounce back--and you don't want them bouncing back in your direction. So you substitute other, legitimate return addresses. One of the return addresses you use is "Info@AFedAgency.gov."

Now imagine you're working IT for AFedAgency. Spammers who spoof return addresses used to rotate several of them through their messages. They don't always do that anymore. The spammer about to press Send on his multi-million-message campaign spoofed just one return address: "Info@AFedAgency.gov." That spammer's not necessarily out to get you (he just wants his Viagra message seen by as many people as possible), but when his spam starts bouncing back from outdated or illegitimate addresses, it's coming your way.

These spam messages are known as misdirected bounces. And officials from IronPort Systems Inc. expect them to be a growing problem for government agencies--if they aren't already. IronPort makes reputation filter-based e-mail security appliances used by several government agencies, including the FDA.

IronPort's Ambika Gadre and Tom Gillis described for GCN today a report the company is finishing that analyzes the extent of misdirected bounces. By the company's estimates, 11 percent of e-mail traffic today comprises these lost spam messages seeking a return address home. If home is within your agency's domain, you could be looking at a form of denial-of-service attack. IronPort's federal manager Tom Topping calls it "a fully distributed DOS attack" because it could come from so many different addresses at once, including very legit-looking ones, such as those of your contractors or other partners.

IronPort's C-Series of mail appliances now includes something called Secure Bouncing, which helps prevent misdirected bounces. The company introduced the capability about three months ago, Gillis said. It can sense a flood of misdirected bounces and, for instance, temporarily shut down the Info@AFedAgency.gov address.

Keep in mind, technology like this could help protect your inbound e-mail stream, but if misdirected bounces grow into the kind of problem IronPort thinks they will, your outbound e-mail stream could stand a good scrubbing. You don't want to end up on blacklists.

Posted by Brad Grimes

Posted by Brad Grimes, Joab Jackson on Mar 24, 2006 at 9:39 AM

