Why You Should Care, and What You Should Know
You've just received a non-delivery report for an email you never sent. One of your employees has opened a bounce from an email they don't recognize. Or, worse, your email servers are suddenly flooded and system speed has slowed to a snail's pace. What the heck is going on? Could be a backscatter problem! Here's a quick Q&A to acquaint you with backscatter and offer some remedies you can implement today.
Q: What exactly is backscatter? Backscatter is the term for the bounces, replies, or other unwanted or unexpected email you may receive from third parties -- when you did not send any email to them in the first place. It can be mystifying, surprising, frustrating and even dangerous until you understand how backscatter is created. Q: How is backscatter caused, and why am I getting it? Backscatter is the result of a spammer using your email address(s) to send spam to third parties. The spammer, of course, is forging or faking your address(s) -- also known as spoofing. But because SMTP protocol has no validation built into it, there is no way to stop spammers from using your name or email address in messages they send out. It's not so different from regular mail that goes through the US Post Office. Imagine that a marketing company mailed 1,000,000 fliers to various businesses but printed your return address on the envelopes. If some of this mail could not be delivered to the addressed recipient, the Post Office would return the envelope to you -- even though you never actually sent it! Backscatter is sometimes used by hackers to attack a company's network. The hacker will forge an email from your address, and use that email to spam millions of recipients all over the world. The hacker's intent is to flood your mailservers with massive volumes of non-delivery reports -- a crude but popular Denial of Service (DoS) attack method. Q: Will the SECNAP SpammerTrap solution send backscatter to other people? Put another way, is the SECNAP SpammerTrap email security solution as easily fooled by spammers? Absolutely not. SpammerTrap software is sophisticated enough to prohibit backscatter from being sent. This is accomplished through several proprietary tools, with the end result being that SpammerTrap will virtually never send email bounces to recipients who did not originally send the message. Q: How can I stop backscatter from happening? The first step to reduce the backscatter entering your system is to make sure your SpammerTrap has a 'local recipient' cache of all the valid recipients in your organization. This can be set up on the Edit Recipients page and can be automatically updated via LDAP. Allowing SpammerTrap to know who is a valid recipient enables it to immediately discard any backscatter that is sent to random or non-existent users. This leaves only the backscatter sent to real or valid users in your organization, which can be prevented by a second step: implementing SPF records. By far the most universally supported method of eliminating forged email is using the Sender Policy Framework or SPF. SPF enables an organization to tell mailservers across the globe exactly who is authorized to send email on their behalf, or with their address. In order for SPF to function properly, the third-party email server must check SPF records during its routine. Since most servers do check SPF records, this solution will significantly reduce the backscatter you receive, but backscatter may not be completely eliminated because not all servers check SPF records. (Note: This is an open standard recognized by the IETF, ISO and IEC. For more information about implementing SPF records refer to the SPF project main page at http://www.openspf.org/.) If you have implemented all of the above suggestions and are continuing to experience backscatter, there are additional policy modifications that can be made to your SpammerTrap appliance or service by the SpammerTrap support team. Please email
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
';
document.write( '' );
document.write( addy_text28767 );
document.write( '<\/a>' );
//-->\n This e-mail address is being protected from spambots. You need JavaScript enabled to view it
for further assistance. |
