Anti Spam Community

• About this group
• Forums

• Home
• Groups
• Anti Spam Community
• Forums
• News & events
• Bounce SPAM

• 
  Nils Decker    Premium Member   Group moderator

  The company name is only visible to registered members.

  Bounce SPAM

  In the last few days there has been a huge increase in bounce spam, perhaps you noticed?!
  
  How does bounce spam work? The principle is relatively simple and has it's roots in the catch-all function of a domain's SMTP settings. Once a domain has that feature activated, it basically means, that anything@yourdomain.com will be delivered to yourdomain.com. Now, if a spammer finds out about that, he will randomise email addresses such as randomemailaddress@yourdomain.com, will send thousands (or likely more) emails out with this spoofed address and whenever it is send to a non-valid recipient emailaddress, yourdomain.com will receive a bounce-message from the receiving SMTP (and these bounce-messages can easily be in the ten thousands for a single spam attack with spoofed addresses). And in this bounce message, of course the SPAM content is still visible to you.
  
  What to do? Quite simple: don't activate catch-all and/ or get a decent spamfilter that has a limit on how many messages a single server (the rejecting recipient SMTP) can send to your domain. If both the receiving and the "apparent" sending server reject the message, it disappears :)
  
  Enjoy the rest of your week!
  
  • 16 Apr 2008, 6:00 pm
  Nils Decker wrote: > In the last few days there has been a huge increase in bounce spam, > perhaps you noticed?! > > How does bounce spam work? The principle is relatively simple and has > it's roots in the catch-all function of a domain's SMTP settings. > Once a domain has that feature activated, it basically means, that > anything@yourdomain.com will be delivered to yourdomain.com. Now, if > a spammer finds out about that, he will randomise email addresses > such as randomemailaddress@yourdomain.com, will send thousands (or > likely more) emails out with this spoofed address and whenever it is > send to a non-valid recipient emailaddress, yourdomain.com will > receive a bounce-message from the receiving SMTP (and these > bounce-messages can easily be in the ten thousands for a single spam > attack with spoofed addresses). And in this bounce message, of course > the SPAM content is still visible to you. > > What to do? Quite simple: don't activate catch-all and/ or get a > decent spamfilter that has a limit on how many messages a single > server (the rejecting recipient SMTP) can send to your domain. If > both the receiving and the "apparent" sending server reject the > message, it disappears :) > > Enjoy the rest of your week!
• Post visible to registered members