GCN Tech Blog

By GCN Staff

The next big spam threat?

Imagine for a minute you're a spammer. You're getting ready to launch a multi-million-message spam campaign. It doesn't matter where you got your e-mail addresses, you know a chunk of them will be no good. Those e-mail messages are going to bounce back--and you don't want them bouncing back in your direction. So you substitute other, legitimate return addresses. One of the return addresses you use is "Info@AFedAgency.gov."

Now imagine you're working IT for AFedAgency. Spammers who spoof return addresses used to rotate several of them through their messages. They don't always do that anymore. The spammer about to press Send on his multi-million-message campaign spoofed just one return address: "Info@AFedAgency.gov." That spammer's not necessarily out to get you (he just wants his Viagra message seen by as many people as possible), but when his spam starts bouncing back from outdated or illegitimate addresses, it's coming your way.

These spam messages are known as misdirected bounces. And officials from IronPort Systems Inc. expect them to be a growing problem for government agencies--if they aren't already. IronPort makes reputation filter-based e-mail security appliances used by several government agencies, including the FDA.

IronPort's Ambika Gadre and Tom Gillis described for GCN today a report the company is finishing that analyzes the extent of misdirected bounces. By the company's estimates, 11 percent of e-mail traffic today comprises these lost spam messages seeking a return address home. If home is within your agency's domain, you could be looking at a form of denial-of-service attack. IronPort's federal manager Tom Topping calls it "a fully distributed DOS attack" because it could come from so many different addresses at once, including very legit-looking ones, such as those of your contractors or other partners.

IronPort's C-Series of mail appliances now includes something called Secure Bouncing, which helps prevent misdirected bounces. The company introduced the capability about three months ago, Gillis said. It can sense a flood of misdirected bounces and, for instance, temporarily shut down the Info@AFedAgency.gov address.

Keep in mind, technology like this could help protect your inbound e-mail stream, but if misdirected bounces grow into the kind of problem IronPort thinks they will, your outbound e-mail stream could stand a good scrubbing. You don't want to end up on blacklists.
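To make the idea of sensing a bounce flood concrete, here is an added example (not from the article and not IronPort's Secure Bouncing implementation) that counts bounces per recipient in a sliding window and temporarily stops accepting bounces for an address that is being flooded. The thresholds, the event tuple layout and the choice to suspend only bounces rather than the whole address are assumptions; the sample events are constructed.

```python
from collections import defaultdict, deque

WINDOW = 60        # seconds of history kept per recipient (assumed value)
THRESHOLD = 5      # bounces per window tolerated before a flood (assumed value)
COOLDOWN = 300     # seconds a flooded address refuses bounces (assumed value)

# Constructed sample: (unix_time, envelope_sender, envelope_recipient).
# A bounce (delivery status notification) uses the null envelope sender,
# written "<>" in SMTP (RFC 5321) and represented here as "".
SAMPLE = (
    [(1000, "alice@partner.example", "info@afedagency.gov")]
    + [(1010 + 2 * i, "", "info@afedagency.gov") for i in range(8)]
    + [(1030, "", "help@afedagency.gov"),
       (1100, "", "info@afedagency.gov"),
       (1400, "", "info@afedagency.gov")]
)

def filter_bounces(events, window=WINDOW, threshold=THRESHOLD, cooldown=COOLDOWN):
    """Return one (time, recipient, action) decision per event."""
    recent = defaultdict(deque)   # recipient -> timestamps of recent bounces
    blocked_until = {}            # recipient -> time the suspension ends
    decisions = []
    for ts, sender, rcpt in sorted(events):
        if sender != "":                      # ordinary mail is never touched
            decisions.append((ts, rcpt, "accept"))
            continue
        if blocked_until.get(rcpt, 0) > ts:   # suspension still in force
            decisions.append((ts, rcpt, "reject-bounce"))
            continue
        q = recent[rcpt]
        q.append(ts)
        while q and q[0] <= ts - window:      # drop bounces outside the window
            q.popleft()
        if len(q) > threshold:                # flood: suspend bounce delivery
            blocked_until[rcpt] = ts + cooldown
            q.clear()
            decisions.append((ts, rcpt, "reject-bounce"))
        else:
            decisions.append((ts, rcpt, "accept"))
    return decisions

if __name__ == "__main__":
    for decision in filter_bounces(SAMPLE):
        print(*decision)
```

A counter like this cannot tell a misdirected bounce from a genuine one, so legitimate bounces for the flooded address are also refused until the cooldown ends.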

Posted by Brad Grimes, Joab Jackson on Mar 24, 2006 at 9:39 AM

Reader Comments

Tue, Jan 6, 2009 Email Encryption Gateway http://www.ironport.com/products/ironport_encryption.html

The Cisco 2008 Annual Security Report is available at Ironport.com.

Wed, Mar 29, 2006 mike walsh VA

Ask any SA / MA that uses IP c60 appliances (like DISA or AKO) and they will tell you that MILLIONS (not thousands) of messages are correctly accepted and sent versus the HUNDREDS of millions of spam that try to fool the IP filters. The c60 is a serious enterprise tool, not a desktop or SMB solution. Very cool technology that works and meets a real requirement.

Fri, Mar 24, 2006 vasile garnet

Good luck in your search/job, boys. I highly recommend SpamBully - the best spam filter I have ever used. Very easy to use and blocks all unwanted e-mail.
