The dirt on 'misdirected bounces'
IronPort Systems this week released its paper on misdirected bounce messages
(registration required). These are e-mails spammers send out that can't find their destinations and therefore bounce back--maybe on someone like you
Not surprisingly, the company's proposed solution to misdirected bounces is to buy its poducts, but the interested network admin may want to know that IronPort's Threat Operations Center messured an average of 4.5 billion misdirected bounce messages per day. According to the report:
'If only 0.2 percent of these messages generate an IT trouble ticket (a very conservative assumption) that corresponds with 900,000 tickets per day. At a global ticket cost of (US) $20 per ticket, this equals (US) $4.5 billion annually consumed by misdirected bounces.'
That doesn't take into account more hard-to-define costs, such as outages, bandwidth consumption, etc.
But here's what IronPort is really trying to get at:
'There is another, far more significant, cost associated with misdirected bounces. If a spammer sends out a 100 million message spam campaign, and (instead of rotating through random return addresses) uses a single forged return address of, for example, 'firstname.lastname@example.org,' then email@example.com is going to receive 20 million bounce messages from 20 million different legitimate mail gateways across the Internet. These 20 million legitimate mail gateways are performing what should be an electronic courtesy, but they are actually unwittingly participating in a massive DDoS attack.'
Something to think about.Posted by Brad Grimes
Posted by Brad Grimes, Joab Jackson on Apr 26, 2006 at 9:39 AM