Backscatter spam is the term used to describe the consequence of
spammers launching a Reverse NDR attack on vulnerable mail servers.
These servers receive large quantities of spam messages addressed
to fictitious and non-existent email addresses in their domain.
Because the messages cannot be delivered as addressed, the email
server sends a non-delivery report (NDR) to whoever is named as
the sender in the original message. These returned NDR messages
are backscatter spam.
HOW TO DETECT BACKSCATTER SPAM
To determine if a domain is used in a backscatter spam
attack, look for an unusually high number of NDR
messages. These are easily identifiable by the
presence of "<>", denoting a blank sender address.
Extreme cases of backscatter spam will slow or stop
email delivery as the server tries to handle increasing
volumes of NDR messages.
CMS has defined this situation as a distributed
denial of service spam attack
(DoS spam) since the backscatter spam
may arise from multiple vulnerable email servers.
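The check described above, counting messages with the blank "<>" sender and flagging minutes where they dominate, as an added example that is not part of the original page. It assumes Postfix-style qmgr log lines; the sample log and both thresholds are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Postfix qmgr style (assumed log format, not from the page).
SAMPLE_LOG = """\
Mar  3 10:00:02 mx1 postfix/qmgr[911]: 4A10: from=<alice@example.com>, size=2100, nrcpt=1 (queue active)
Mar  3 10:00:15 mx1 postfix/qmgr[911]: 4A11: from=<>, size=3400, nrcpt=1 (queue active)
Mar  3 10:00:40 mx1 postfix/qmgr[911]: 4A12: from=<bob@example.net>, size=1800, nrcpt=1 (queue active)
Mar  3 10:01:01 mx1 postfix/qmgr[911]: 4A13: from=<>, size=3500, nrcpt=1 (queue active)
Mar  3 10:01:03 mx1 postfix/qmgr[911]: 4A14: from=<>, size=3450, nrcpt=1 (queue active)
Mar  3 10:01:04 mx1 postfix/smtpd[902]: connect from unknown[192.0.2.10]
Mar  3 10:01:09 mx1 postfix/qmgr[911]: 4A15: from=<>, size=3520, nrcpt=1 (queue active)
Mar  3 10:01:30 mx1 postfix/qmgr[911]: 4A16: from=<carol@example.org>, size=900, nrcpt=1 (queue active)
Mar  3 10:01:44 mx1 postfix/qmgr[911]: 4A17: from=<>, size=3390, nrcpt=1 (queue active)
"""

# Captures the timestamp down to the minute and the envelope sender of each queued message.
QMGR_FROM = re.compile(
    r"^(\w{3}\s+\d+\s+\d{2}:\d{2}):\d{2}\s+\S+\s+postfix/qmgr\[\d+\]:\s+\w+:\s+from=<([^>]*)>"
)

def null_sender_stats(log_text):
    """Return {minute: (null_sender_count, total_count)} for queued messages."""
    null, total = Counter(), Counter()
    for line in log_text.splitlines():
        m = QMGR_FROM.match(line)
        if not m:
            continue  # not a qmgr "from=" line (e.g. smtpd connects)
        minute = " ".join(m.group(1).split())  # collapse syslog's padded day field
        total[minute] += 1
        if m.group(2) == "":  # "<>" is the blank sender carried by NDRs
            null[minute] += 1
    return {minute: (null[minute], total[minute]) for minute in total}

def flag_backscatter(stats, min_null=3, min_ratio=0.5):
    """Minutes where NDR traffic is both numerous and the majority of mail.

    min_null and min_ratio are illustrative assumptions; tune to a site's baseline.
    """
    return sorted(
        minute for minute, (n, t) in stats.items()
        if n >= min_null and n / t >= min_ratio
    )

if __name__ == "__main__":
    print(flag_backscatter(null_sender_stats(SAMPLE_LOG)))
```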
PREVENTING BACKSCATTER SPAM
CMS recommends XE-Filter as an effective defense against
backscatter spam.
Case Study: A Flood of DoS Spam
A small West Coast trucking company (25 corporate
email mailboxes) was suddenly overwhelmed with
a flood of spam. Had XE-Filter not been in
place, their email capabilities and servers would
have ground to a halt, succumbing to the DoS spam.
The first three weeks of March saw their XE-Filter stop an
average of over 1 million unwanted messages every day.
CMS believes that the originators of the DoS spam
attack eventually realized that their efforts to
breach the security of this small company were
unsuccessful, and the flood of spam subsided.