Spam bounce messages compromising networks
April 25, 2006
IronPort study finds more than 50% of the Fortune 500 corporations have experienced mail service outages or delays because of misdirected bounces targeting their networks.
The study published by the IronPort Threat Operations Center measured the volume of misdirected bounces traversing the Internet.
These bounce messages make up a shocking 11% of all "hostile mail" -- which includes spam, viruses and phishing emails. Only a tiny fraction of a percentage of these messages makes it through to end-users.
An email bounce message is an email notifying a sender that their message was not delivered for some reason. If a sender mistyped a person's address, they may receive a bounce notification telling them that their message was not delivered.
When a spammer is sending out ten million spam messages per day, 20% or more will bounce because of invalid addresses. Since the spammers don't want to deal with two million incoming bounce messages, they typically forge the return address and the bounces become "misdirected" or returned to an innocent third party that had nothing to do with the spam in the first place.
Such notifications are integral to how email works, very similar to the return of a postal letter that was not deliverable. However, there is a fundamental flaw in the email protocol itself that allows a return address to be forged. So, any attempt to return a message to a forged return address will result in an unwanted, and oftentimes bewildering, email bounce message being delivered to the unsuspecting email user whose address was fraudulently used as the original email's return address.
Nearly every email user has had the unnerving experience of receiving a notification from some corporation or ISP saying, "the message you sent could not be delivered because it contained a virus." But, on closer inspection, this notice came from some address that the user has never heard of or never sent mail to.
Concerned that their machine has been compromised by one of the many email-borne computer viruses, users will often contact their corporate IT support team for assistance. Most of these help desk calls are unnecessary because the message the end-user received was a misdirected bounce, another insidious ploy by criminals polluting the Internet with spam, viruses, phishing and spyware.
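An added example, not part of the IronPort study or this article: a help desk or mail filter can tell a genuine bounce from a misdirected one by checking whether the Message-ID quoted inside the bounce was ever issued by the organization's own outbound servers. The `SENT_IDS` log, the host names and the sample bounce are constructed assumptions.

```python
import email

# Assumption: Message-IDs logged by our own outbound mail servers (constructed).
SENT_IDS = {"<20060425.1001@mail.example.com>"}

# Constructed bounce (human-readable first part omitted for brevity).
DSN_TEMPLATE = """\
Return-Path: <>
From: MAILER-DAEMON@mx.remote.example
To: alice@example.com
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.remote.example

Final-Recipient: rfc822; nobody@remote.example
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

From: alice@example.com
Message-ID: {mid}

--b1--
"""

def original_message_id(dsn):
    """Message-ID of the mail the bounce claims we sent, or None."""
    for part in dsn.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)["Message-ID"]
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())["Message-ID"]
    return None

def classify(raw):
    msg = email.message_from_string(raw)
    if not (msg.get("Return-Path", "").strip() == "<>"  # null envelope sender
            and msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type") == "delivery-status"):
        return "not-a-bounce"
    mid = original_message_id(msg)
    if mid is None:
        return "unverifiable"  # bounce quotes no original headers
    return "legitimate" if mid.strip() in SENT_IDS else "misdirected"
```

A "misdirected" result means the bounce refers to mail the organization never sent, so the recipient's machine is not implicated by the notice.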
According to IronPort, the cost of the associated IT help desk actions exceeds $5B per year.
The study is available at www.ironport.com/bouncereport