GCN Tech Blog

By GCN Staff

Blog archive

The dirt on 'misdirected bounces'

IronPort Systems this week released its paper on misdirected bounce messages (registration required). These are e-mails spammers send out that can't find their destinations and therefore bounce back--maybe on someone like you.

Not surprisingly, the company's proposed solution to misdirected bounces is to buy its poducts, but the interested network admin may want to know that IronPort's Threat Operations Center messured an average of 4.5 billion misdirected bounce messages per day. According to the report:

'If only 0.2 percent of these messages generate an IT trouble ticket (a very conservative assumption) that corresponds with 900,000 tickets per day. At a global ticket cost of (US) $20 per ticket, this equals (US) $4.5 billion annually consumed by misdirected bounces.'

That doesn't take into account more hard-to-define costs, such as outages, bandwidth consumption, etc.

But here's what IronPort is really trying to get at:

'There is another, far more significant, cost associated with misdirected bounces. If a spammer sends out a 100 million message spam campaign, and (instead of rotating through random return addresses) uses a single forged return address of, for example, 'postmaster@victim.com,' then postmaster@victim.com is going to receive 20 million bounce messages from 20 million different legitimate mail gateways across the Internet. These 20 million legitimate mail gateways are performing what should be an electronic courtesy, but they are actually unwittingly participating in a massive DDoS attack.'

Something to think about.

Posted by Brad Grimes

Posted by Brad Grimes, Joab Jackson on Apr 26, 2006 at 9:39 AM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.