GCN Tech Blog

By GCN Staff

Blog archive

The dirt on 'misdirected bounces'

IronPort Systems this week released its paper on misdirected bounce messages (registration required). These are e-mails spammers send out that can't find their destinations and therefore bounce back--maybe on someone like you.

Not surprisingly, the company's proposed solution to misdirected bounces is to buy its poducts, but the interested network admin may want to know that IronPort's Threat Operations Center messured an average of 4.5 billion misdirected bounce messages per day. According to the report:

'If only 0.2 percent of these messages generate an IT trouble ticket (a very conservative assumption) that corresponds with 900,000 tickets per day. At a global ticket cost of (US) $20 per ticket, this equals (US) $4.5 billion annually consumed by misdirected bounces.'

That doesn't take into account more hard-to-define costs, such as outages, bandwidth consumption, etc.

But here's what IronPort is really trying to get at:

'There is another, far more significant, cost associated with misdirected bounces. If a spammer sends out a 100 million message spam campaign, and (instead of rotating through random return addresses) uses a single forged return address of, for example, 'postmaster@victim.com,' then postmaster@victim.com is going to receive 20 million bounce messages from 20 million different legitimate mail gateways across the Internet. These 20 million legitimate mail gateways are performing what should be an electronic courtesy, but they are actually unwittingly participating in a massive DDoS attack.'

Something to think about.

Posted by Brad Grimes

Posted by Brad Grimes, Joab Jackson on Apr 26, 2006 at 9:39 AM


Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.