Slashdot Mirror


100 Email Bouncebacks - Welcome to Backscattering

distefano links to a story on Computerworld, excerpting: "E-mail users are receiving an increasing number of bounceback spam, known as backscatter, and security experts say this kind of spam is growing. The bounceback e-mail messages come in at a trickle, maybe one or two every hour. The subject lines are disquieting: 'Cyails, Vygara nad Levytar,' 'UNSOLICITED BULK EMAIL, apparently from you.' You eye your computer screen; you're nervous. What's going on? Have you been hacked? Are you some kind of zombie botnet spammer? Nope, you're just getting a little backscatter — bounceback messages from legitimate e-mail servers that have been fooled by the spammers."


  1. A trickle?! by Zombie · Score: 3, Insightful

    A few every hour? This weekend marks the second weekend in which I got several hundred bounces in a single night!

    1. Re:A trickle?! by Jurily · Score: 4, Insightful

      I've been using an "unprotected" gmail account for 2 years now. Currently I have 196 spam, all conveniently labeled as such.

      During that time I only got one false positive, but that was a really poorly formatted message, and they weren't even replying from the same address I specifically asked the reply from.

      However, I got no false negatives in English, and it took about a week of "Report Spam" to get them up to speed on some new Hungarian torrent tracker spam. Now they're marked spam too.

      All in all, Google's spam filter rocks.

    2. Re:A trickle?! by MBGMorden · Score: 5, Insightful

      Supposedly there's a mail configuration option you can set to make it possible for servers to verify mail from your domain (must originate from this ip range) but the domain hosting company I'm with doesn't expose that particular feature. It's called SPF which is Sender Policy Framework. Problem is, it's not used often enough at current time, so very few mail servers will actually reject a message that fails an SPF check.

      The best thing honestly would be for these servers to just clean their act up and handle things properly. Mail rejects should be done before the connection between the two servers closes. It should always be up to the SENDING mail server to generate a bounce rather than the receiving.

      The odds of that happening are pretty slim though. There is a "bounce killer" feature in the new version of amavisd-new that I'm looking at that might work well. Apparently (I haven't installed the new version yet) it will store the message ID's of your outgoing messages and if a bounce comes back with an invalid message ID it deletes it.
      --
      "People who think they know everything are very annoying to those of us who do."-Mark Twain
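The "bounce killer" idea described in the comment above, keeping a record of the Message-IDs your own MTA emitted and discarding any bounce that does not return one of them, written out as an added Python example (this is not amavisd-new's code; the DSN fixture built by `build_dsn` and the `SENT_MESSAGE_IDS` set are constructed stand-ins for a real bounce and a real outbound-mail log):

```python
import email
import re
from email import policy
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Fallback for bounces that only quote the original headers as plain text
ORIG_ID_RE = re.compile(r"^Message-ID:\s*(<[^>]+>)", re.IGNORECASE | re.MULTILINE)


def build_dsn(original_message_id: str) -> bytes:
    """Constructed fixture: a multipart/report DSN embedding the 'original' message.
    A spammer forging our address as envelope sender cannot know our real IDs."""
    orig = email.message_from_string(
        "From: user@example.org\r\nTo: someone@example.net\r\n"
        f"Message-ID: {original_message_id}\r\nSubject: hi\r\n\r\nhello\r\n")
    dsn = MIMEMultipart("report", **{"report-type": "delivery-status"})
    dsn["From"] = "MAILER-DAEMON@example.net"
    dsn["To"] = "user@example.org"
    dsn["Subject"] = "Undelivered Mail Returned to Sender"
    dsn.attach(MIMEText("This is the mail system at host example.net.\n"))
    dsn.attach(MIMEMessage(orig))  # the returned original, as message/rfc822
    return dsn.as_bytes()


def original_message_id(bounce: bytes):
    """Return the Message-ID of the message a bounce claims to return, or None."""
    msg = email.message_from_bytes(bounce, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            inner = part.get_payload(0)  # the embedded original message
            mid = inner.get("Message-ID")
            if mid:
                return str(mid).strip()
        elif ctype in ("text/rfc822-headers", "text/plain"):
            m = ORIG_ID_RE.search(part.get_content())
            if m:
                return m.group(1)
    return None


def classify_bounce(bounce: bytes, sent_ids) -> str:
    """'genuine-bounce' if the bounce returns a Message-ID we sent, else 'backscatter'."""
    mid = original_message_id(bounce)
    if mid is None or mid not in sent_ids:
        return "backscatter"  # nothing we sent is being returned: safe to drop
    return "genuine-bounce"


# Constructed stand-in for the store of outbound Message-IDs an MTA would log
SENT_MESSAGE_IDS = {"<20080606120000.1234@mail.example.org>"}
```

The sent-ID store needs an expiry at least as long as the longest delay a remote queue can add before it bounces; otherwise a slow but genuine bounce is discarded with the backscatter.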

    3. Re:A trickle?! by rolfc · Score: 3, Insightful

      Moderators,
      This guy knows what he is talking about.

      If everyone was publishing SPF records and enforcing them, the problem would go away. The real problem is that most mail administrators don't have a clue.

  2. Re:SPF + !SRS! by spydir31 · Score: 3, Insightful

    Here's the solution to backscatter:

    1. only relay authorized messages
    2. reject as soon as possible. no bounces.
    3. do not send out virus warnings, spam warnings, challenge-response requests

  3. Re:De-standardize, and make it worthwhile. by Badanov · Score: 5, Insightful

    My guess is you either don't write spam header filters, or you hate it so much you're trying to find an easier solution.

    Helluva lot of mail servers out there not configured "properly." I can't block some mail even from "legitimate" mail servers because they are not configured well enough, so some of my spam rules don't pick them up, so how would a "list" fix that?

    As it is, the lists from the anti spam houses work very little. There are so many zombie mail servers out there, I guess, no one can really effectively police these things except through spam filters. And Google are the only folks who can afford a full time staff writing spam filter rules.

    Any more properly used to mean not an open relay; now it can mean not in the same network segment that does have spamming email servers. Lists just add to the insanity and often punish legitimate mail servers.

    --
    Dawn of the Dead

  4. Re:Please Try Again Spammer Dickwads by T-Bone-T · Score: 3, Insightful

    You say you don't get any but then explain that it gets filtered, meaning you DO get some but you don't see it. Those are mutually exclusive. You can't not get it and filter it, otherwise there wouldn't be anything to filter.

  5. I've been getting "backscatter" for years... by Panaqqa · Score: 3, Insightful

    It used to really bug me, that someone was sending out spam and using my legitimate email address in the From, Return-path and Envelope-from headers. I began filtering out the "Spam received from YOU" type headers years ago. But what still bugs me about this is those people who set their systems up to add me to some domain based rather than IP address based block list based on these faked headers. For more than a year I have been unable to successfully send email to my insurance company due directly to this issue.

    Then again, I have never regarded email as a reliable method of communication. Everything truly important goes with a read receipt request and if I don't receive one then I phone or send snail mail. I continue to be amazed by the number of screwups I continue to hear about where someone says "I never got [such and such] email."

    1. Re:I've been getting "backscatter" for years... by Panaqqa · Score: 3, Insightful

      I did not mean to suggest that a competent admin would ever lose legitimate email. The problem comes in many forms, but the biggest culprit is anti-spam filters. These days it seems that everybody and their cousin wants to spam filter your email. ISPs arbitrarily apply such filters to their users accounts, often without any notification. Hosting providers and domain registrars often do the same. System admins, under pressure from management, put in place imperfect solutions and compound the issue by misconfiguration. I employ some network admins myself to help clients with server problems. The number of times I have seen a program such as "Spam Assassin" set to an incredibly aggressive setting AND to delete flagged mail without it ever hitting an inbox is surprising. I have one client right now that has not been able to email their parent company for over 6 weeks. Their messages blackhole. And it is not as if the parent is unsophisticated: they are in the financial sector and employ 17,000 people. And of course nobody in their IT department will admit that any email is being blackholed.

      I personally am one of those who would like to see a new email protocol built from scratch with the spam problem as foremost consideration in the design process. I have a dislike for anything in IT that only "works most of the time", and that's where email has been for quite a while now.

      My 2 cents. Another 2 cents that is.