Slashdot Mirror

← Back to Stories (view on slashdot.org)

100 Email Bouncebacks - Welcome to Backscattering

Posted by timothy on from the annoying-as-heck-if-heck-is-like-hell dept.

distefano links to a story on Computerworld, excerpting: "E-mail users are receiving an increasing number of bounceback spam, known as backscatter, and security experts say this kind of spam is growing. The bounceback e-mail messages come in at a trickle, maybe one or two every hour. The subject lines are disquieting: 'Cyails, Vygara nad Levytar,' 'UNSOLICITED BULK EMAIL, apparently from you.' You eye your computer screen; you're nervous. What's going on ? Have you been hacked? Are you some kind of zombie botnet spammer? Nope, you're just getting a little backscatter — bounceback messages from legitimate e-mail servers that have been fooled by the spammers."

10 of 316 comments (clear)

  1. same wine, old bottle by MollyB · · Score: 5, Informative

    This story was preceded less than a month ago:
    https://tech.slashdot.org/article.pl?sid=08/04/08/2258246

    I had a bunch of these back then, now they are happening again. Here is some information about the subject.
    http://spamlinks.net/prevent-secure-backscatter.htm

    You should only get NDRs from your own ISP, as I undestand it. The other mail admins are being fooled by your spoofed return address, and should know better.

    1. Re:same wine, old bottle by KinkyClown · · Score: 5, Funny

      This story was preceded less than a month ago: https://tech.slashdot.org/article.pl?sid=08/04/08/2258246 No this message is a backscatter automated post so technically it's not a dupe.
  2. Re:De-standardize, and make it worthwhile. by erikina · · Score: 5, Interesting

    Ugh, care to elaborate? Anyway, I think the solution is simple. Just publish a giant list of all mail servers not configured properly. It wouldn't be hard to write a script, to verify if a domain is configured or not. It would function as a name and shame list. But more than that, all spammers would harvest from it, and absolutely smash the listed servers until they were forced to configure them properly.

  3. Easy filtering solution by Richard+W.M.+Jones · · Score: 5, Interesting

    There's an easy way to filter out backscatter while preserving bounce messages that you care about (ie. ones about email that you actually sent):

    1. Add your own custom header to all your outgoing emails. Doesn't matter what it is, but it should be unique, eg. 'X-Really-From-Richard-Jones: xsomesecretx'

    2. MTAs include the original headers in bounce messages, so discard bounce messages which don't contain your custom header.

    You can even be smart and sign the header based on the content of the email using a private key, which would make it unforgeable, but at the moment you don't need to do that.

    Rich.

    --
    libguestfs - tools for accessing and modifying virtual machine disk images
    1. Re:Easy filtering solution by djmurdoch · · Score: 5, Informative

      how do I do that in Thunderbird? Set the custom headers preference.
    2. Re:Easy filtering solution by rjames13 · · Score: 5, Informative

      Go into Preferences->Advanced Tab and click Config Editor Button.

      Alter the setting
      mail.identity.default.headers
      to include the string header1
      note header1 is just a label
      then add a new string called
      mail.identity.id1.header.header1
      Set the value of that to your X-line

      From now on all mail sent from Identity 1 will have that header on it.

      To create a filter based on that. Obtain an email with that header. Find a clickable link in the header and right click and select create filter from message.

      At first from the drop down box you can't select that X-line so you need to go to the bottom and click customise. You can put that header in there. Now you can create a filter from it.

  4. Why is this only getting noticed now? by gsslay · · Score: 5, Informative

    I must have read at least 3 news stories about backscatter in the last week. Why is this only getting attention now when it's been a problem for years? Is it just because someone has coined a word for it?

    I can remember years back when some spammer decided to use my domain name in their spam run. Hundreds of bounced emails every day and I cursed everyone of the dumb mail servers that mailed them; complete with original html email, images and any other crappy attachment. ("Hundreds" may be small potatoes these days, but they were a big deal at the time.) Just the very idea that spammers would supply a genuine reply address seemed so incredibly stupid, yet there they were; dozens of carefully worded variants of the same "naughty spammer, don't email me" reply. I could just see some smug sysadmin configuring their system with this badly thought-out garbage, thinking "ha! that'll show them!"

    None of my mail servers since then have ever bounced spam or mis-addressed emails.

  5. Re:De-standardize, and make it worthwhile. by Badanov · · Score: 5, Insightful
    My guess is you either don't write spam header filters, or you hate it so much you're trying to find an easier solution.

    Helluvua lot of mail servers out there not configured "properly." I can't block some mail even from "legitimate" mail servers because they are not configured well enough some of my spam rules don't pick them up, so how would a "list" fix that?

    As it is, the lists from the anti spam houses work very little. There are so many zombie mail servers out there, I guess, no one can really effectively police these things except through spam filters. And Google are the only folks who can afford a full time staff writing spam filter rules.

    Any more properly used to mean not an open relay; now it can can mean not in the same network segment that does have spamming email servers. Lists just add to the insanity and often punish legitimate mail servers.

    --
    Dawn of the Dead
  6. Re:A trickle?! by MBGMorden · · Score: 5, Insightful

    Supposedly there's a mail configuration option you can set to make it possible for servers to verify mail from your domain (must originate from this ip range) but the domain hosting company I'm with doesn't expose that particular feature. It's called SPF which is Sender Policy Framework. Problem is, it's not used often enough at current time, so very few mail servers will actually reject a message that fails an SPF check.

    The best thing honestly would be for these servers to just clean their act up and handle things properly. Mail rejects should be done before the connection between the two servers closes. It should always be up to the SENDING mail server to generate a bounce rather than the receiving.

    The odds of that happening are pretty slim though. There is a "bounce killer" feature in the new version of amavisd-new that I'm looking at that might work well. Apparently (I haven't installed the new version yet) it will store the message ID's of your outgoing messages and if a bounce comes back with an invalid message ID it deletes it.
    --
    "People who think they know everything are very annoying to those of us who do."-Mark Twain
  7. Re:De-standardize, and make it worthwhile. by FatdogHaiku · · Score: 5, Interesting

    How about we change the delivery method. Instead of an email being sent to me and sitting on my server or service waiting for me to sort it, you send me the headers for the sender, subject, size, date, and attachment status while the message and attachments sit on YOUR server until I chose to pick it up or it expires. The reduction in bandwidth should pay for the increase in storage, and the spammers would have to leave their message sitting on a machine somewhere waiting for me to pick it up (hint, not gonna happen).
    1. No servers flooding the net with messages.
    2. Easily identifiable spam sources, making bot-nets less useful.
    3. Reduced bandwidth as the system replaces the old one.
    4. Allow email clients and webmail services to be configured retrieve every message for the few numb nuts that don't/won't get it.
    5. Profit (via reduced long term cost).
    Just spitballing...

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office