CMS Logo Home Page Click Computer Mail Services, Inc. CMS Home Page
Computer Mail Services, Inc.
Software / Services / eMail Tools: IP Address Blocking, Spam Filtering, Log Data Mining and DNS Blacklist Monitoring
TELEPHONE: 248.352.6700 or 800.883.2674 (USA Only) FOR SALES AND OTHER INFORMATION...

Products
BL-Monitor
ES-Insight
XE-Filter
Praetor Software
OTHER LINKS
FAQ
Downloads
Price Quotes
Purchasing/Forms
ROI/Spam Calculator
News/Analysis
Press Release
Comments
Support
About CMS

RECENT CMS BLOGS

Spam, Bacon and Ice Cream eMail

Golf, Miami Housing and Cristal Champagne

Twitter, Facebook, LinkedIn and eMail Spam

Visit CMS Blog...

CMS XML Button

Google
Web CMS

CMS A Microsoft Certified Partner

Privacy Policy
Trademarks / Logos
Site Map
 

Reverse NDR Spam Attacks

How Spammers Turn a Mail Server into a Mail Relay

  

What is a "Reverse NDR" attack?

Spammers can avoid email filters built into many systems by taking advantage of a mail systems sending of a non-delivery report (NDR).  An NDR is generated when a message cannot be delivered as addressed and returns the original contents.  

CMS calls this a "Reverse NDR attack" (RNDR). Many sites experience this, some so badly that over 99% of their email is attributed to RNDR spam.

The result is the spammer has attained a form of mail relaying with your server's resources being stolen to deliver spam.

How does Praetor stop "RNDR" attacks?

Defense against this attack is just one of several important features found in the Praetor product.

For more information on RNDR attacks ...

Praetor Documentation

Contact CMS Info

Test your vulnerability to RNDR attacks

Other products claim to defend against RNDR attacks but CMS has verified that many have poor implementations that actually open other vulnerabilities.

Microsoft SMTP Servers are vulnerable

Microsoft's Exchange 2003 is not vulnerable to RNDR attacks, but...

Microsoft's RNDR solution is open to "directory harvest" attacks.

Don't turn your Microsoft server into an indirect mail relay or worse.

 
 

What are the symptoms of a RNDR attack?

Your corporate mail server is repeatedly blacklisted

Sluggish email delivery

Outbound queues full of non-delivery notices

Excessive admin time to clear outbound queues

 How does a "Reverse NDR" attack work?

Phase 1

Spam email is created with the intended spam victim's address in the sender field and a random, fictitious recipient, at your domain, in the To: field.

Phase 2

Your mail server cannot deliver the message and sends an NDR email back to what appears to be the sender of the original message, the spam victim.

Phase 3

The return email carries the non-delivery report and possibly the original spam message.  Thinking it is email they sent, the spam victim reads the NDR and the included spam.

Is RNDR all hype? These people disagree
"This [NDR Attack] has been a big problem for us, particularly over night, when our exchange server was sending our great batches of NDRs in response to randomly chosen email addresses at our domain."
Stephen H.
IT Mgr - KCE Europe
"The product [Praetor] was suggested by Microsoft Tech Support to address an NDR SPAM attack on our server..."
Private School Principal
New Jersey
"We called Microsoft Support about the reverse NDR problem only to find out that Microsoft doesn't have a solution for it."
Stephan van Heerden
IT Administrator
Media Profile
Referred to CMS, Praetor was the solution to halt RNDR attacks
Are your servers RNDR safe?

TAKE THE TEST


RELATED ITEMS

Click on any image

Hit Counter

[ Home ]   [ About CMS ]   [ Site Map ]   [ Support ]   [ Downloads ]   [ FAQ ]   [ News ]   [ Press Release ]
[ XE-Filter ]   [ ES-Insight ]   [ BL-Monitor ]   [ Praetor Software ]   [ Ad Sponsorship ]

Send mail to Webmaster with questions or comments about this web site.
Copyright 2011 Computer Mail Services, Inc.