GCN Tech Blog

By GCN Staff

The next big spam threat?

Imagine for a minute you're a spammer. You're getting ready to launch a multi-million-message spam campaign. It doesn't matter where you got your e-mail addresses, you know a chunk of them will be no good. Those e-mail messages are going to bounce back--and you don't want them bouncing back in your direction. So you substitute other, legitimate return addresses. One of the return addresses you use is "Info@AFedAgency.gov."

Now imagine you're working IT for AFedAgency. Spammers who spoof return addresses used to rotate several of them through their messages. They don't always do that anymore. The spammer about to press Send on his multi-million-message campaign spoofed just one return address: "Info@AFedAgency.gov." That spammer's not necessarily out to get you (he just wants his Viagra message seen by as many people as possible), but when his spam starts bouncing back from outdated or illegitimate addresses, it's coming your way.

These spam messages are known as misdirected bounces. And officials from IronPort Systems Inc. expect them to be a growing problem for government agencies--if they aren't already. IronPort makes reputation filter-based e-mail security appliances used by several government agencies, including the FDA.

IronPort's Ambika Gadre and Tom Gillis described for GCN today a report the company is finishing that analyzes the extent of misdirected bounces. By the company's estimates, 11 percent of e-mail traffic today comprises these lost spam messages seeking a return address home. If home is within your agency's domain, you could be looking at a form of denial-of-service attack. IronPort's federal manager Tom Topping calls it "a fully distributed DOS attack" because it could come from so many different addresses at once, including very legit-looking ones, such as those of your contractors or other partners.

IronPort's C-Series of mail appliances now includes something called Secure Bouncing, which helps prevent misdirected bounces. The company introduced the capability about three months ago, Gillis said. It can sense a flood of misdirected bounces and, for instance, temporarily shut down the Info@AFedAgency.gov address.
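To make the idea of sensing a bounce flood concrete, here is an added sketch that is not IronPort's Secure Bouncing and not code from this article: it counts null-sender (bounce) messages per recipient in a sliding window and reports when an address should be put on hold. The log format, the `helpdesk` address, and the threshold, window and hold values are assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def constructed_log():
    """Constructed sample envelope log: 'timestamp MAIL-FROM RCPT-TO' per line."""
    lines = [
        "2006-03-24T09:00:00 alice@partner.example Info@AFedAgency.gov",  # normal mail
        "2006-03-24T09:00:05 <> Info@AFedAgency.gov",      # isolated bounce
        "2006-03-24T09:10:00 <> helpdesk@AFedAgency.gov",  # isolated bounce
    ]
    start = datetime(2006, 3, 24, 9, 30, 0)
    # Burst: 12 bounces, one every 2 seconds, all to the spoofed address.
    for i in range(12):
        ts = (start + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} <> Info@AFedAgency.gov")
    return lines

def detect_bounce_floods(lines, threshold=10, window=timedelta(seconds=60),
                         hold=timedelta(minutes=15)):
    """Return {recipient: (tripped_at, hold_until)} for bounce floods.

    A bounce (DSN) is identified by the null envelope sender "<>".
    threshold, window and hold are assumed values, not vendor defaults.
    """
    recent = defaultdict(deque)   # recipient -> bounce timestamps inside window
    tripped = {}
    for line in lines:
        ts_text, mail_from, rcpt_to = line.split()
        if mail_from != "<>":
            continue              # not a bounce; ignore for this check
        ts = datetime.fromisoformat(ts_text)
        rcpt = rcpt_to.lower()
        q = recent[rcpt]
        q.append(ts)
        while ts - q[0] > window: # drop bounces older than the window
            q.popleft()
        if len(q) >= threshold and rcpt not in tripped:
            tripped[rcpt] = (ts, ts + hold)
    return tripped

if __name__ == "__main__":
    for rcpt, (at, until) in detect_bounce_floods(constructed_log()).items():
        print(f"{rcpt}: flood detected {at}, hold bounces until {until}")
```

Legitimate bounces for mail the agency really sent also arrive with the null sender, so a rate check like this cannot tell them apart from misdirected ones; it only limits the volume reaching one address.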

Keep in mind, technology like this could help protect your inbound e-mail stream, but if misdirected bounces grow into the kind of problem IronPort thinks they will, your outbound e-mail stream could stand a good scrubbing. You don't want to end up on blacklists.

Posted by Brad Grimes, Joab Jackson on Mar 24, 2006 at 9:39 AM

