2
Backscatter and bounce attacks prevention Backscatter (also known as outscatter, misdirected bounces, blowback or collateral spam) is incorrect automated bounce messages sent by mail servers, typically as a side effect of incoming spam. Backscatter occurs when a Mail Transport Agent (email server) sends a bounce (return message) to a person who did not really send the email, essentially, someone is spoofing the Reply-To field in an email. They then send it to a mail server and it bounces not back to the sending server but to the Reply-To address. Backscatter is caused by people who don't reject mail during delivery, but instead accept the mail and then later send back a bounce message. Problems arise with bounces if they are sent by a mail server to a non-local recipient. Technically bounces are called non-delivery reports (NDR) or delivery status notifications (DSN). If a message did not originate locally, then a mail server cannot know for sure if the address it is sending the bounce to is forged or not. This quickly leads to this unsolicited “backscatter” (or more rarely “outscatter”), sent to sites that never originated the email. If you run a mail server you have a responsibility not to send backscatter. Bounces should ideally only be generated by a mail server to a local recipient. Mail servers should not generate bounces to non-local recipients, but should instead reject the mail during the SMTP session, and leave the remote sending server to handle the bounce: if a rejected mail is a legitimate message, the bounce gets generated by the remote sending machine, as expected; if a rejected mail is not a legitimate message, the remote end will probably not generate a bounce, and all is still well. The MX should be made aware of the status of user mailboxes on the local system that the mail will eventually be delivered to. To reduce the chances of a bounce being necessary, DNSBLs should be used to reject spam during the SMTP session based on the sending IP address, and content based spam filters should be used to identify and reject spam during the SMTP session, during the DATA phase. In that way Bounce attacks can be used to leverage the initial recipient's "good" reputation when sending spam, pollute the initial recipient's IP reputation, or create denial of service attacks at the target's server. Dealing with Backscatter It is not easy to cope with the floods of backscatter email that occur when a spammer forges your email addresses. Options include blacklisting the worst culprits, and enabling bounce, session and message verification techniques such as BATV, SPF and DomainKeys - the bounce verification lets you determine which bounces are in response to your own email, and session and message verification can help reduce the number of backscatter emails sent back. Postfix Backscatter Howto - www.postfix.org/BACKSCATTER_README.html How can I control unsolicited bounces? -

Backscatter and bounce attacks prevention

Embed Size (px)

DESCRIPTION

Backscatter (also known as outscatter, misdirected bounces, blowback or collateral spam) is incorrect automated bounce messages sent by mail servers, typically as a side effect of incoming spam.

Citation preview

Page 1: Backscatter and bounce attacks prevention

Backscatter and bounce attacks prevention

Backscatter (also known as outscatter, misdirected bounces, blowback or collateral spam) is incorrect automated bounce messages sent by mail servers, typically as a side effect of incoming spam.

Backscatter occurs when a Mail Transport Agent (email server) sends a bounce (return message) to a person who did not really send the email, essentially, someone is spoofing the Reply-To field in an email. They then send it to a mail server and it bounces not back to the sending server but to the Reply-To address. Backscatter is caused by people who don't reject mail during delivery, but instead accept the mail and then later send back a bounce message.

Problems arise with bounces if they are sent by a mail server to a non-local recipient. Technically bounces are called non-delivery reports (NDR) or delivery status notifications (DSN). If a message did not originate locally, then a mail server cannot know for sure if the address it is sending the bounce to is forged or not. This quickly leads to this unsolicited “backscatter” (or more rarely “outscatter”), sent to sites that never originated the email.If you run a mail server you have a responsibility not to send backscatter. Bounces should ideally only be generated by a mail server to a local recipient. Mail servers should not generate bounces to non-local recipients, but should instead reject the mail during the SMTP session, and leave the remote sending server to handle the bounce: if a rejected mail is a legitimate message, the bounce gets generated by the remote sending machine, as expected; if a rejected mail is not a legitimate message, the remote end will probably not generate a bounce, and all is still well. The MX should be made aware of the status of user mailboxes on the local system that the mail will eventually be delivered to. To reduce the chances of a bounce being necessary, DNSBLs should be used to reject spam during the SMTP session based on the sending IP address, and content based spam filters should be used to identify and reject spam during the SMTP session, during the DATA phase.In that way Bounce attacks can be used to leverage the initial recipient's "good" reputation when sending spam, pollute the initial recipient's IP reputation, or create denial of service attacks at the target's server.

Dealing with Backscatter

It is not easy to cope with the floods of backscatter email that occur when a spammer forges your email addresses. Options include blacklisting the worst culprits, and enabling bounce, session and message verification techniques such as BATV, SPF and DomainKeys - the bounce verification lets you determine which bounces are in response to your own email, and session and message verification can help reduce the number of backscatter emails sent back.

Postfix Backscatter Howto - www.postfix.org/BACKSCATTER_README.html How can I control unsolicited bounces? - www.spamcop.net/fom-serve/cache/380.htmlBackscatterers - www.backscatterers.com/How to deal with backscatter - www.spamnation.info/notes/guides/BackscatterFAQ.htmlDealing with joe jobs - research.mince.ac.nz/NZNOG_2007_Dealing_With_Joe_Jobs.pptMy email address is being used in spam! - www.spamresource.com/2007/07/ask-al-my-email-address-is-being-used.htmlBounce pi: where did my bounce come from? - bouncepi.com/

Symantec and bounce attacks prevention

Page 2: Backscatter and bounce attacks prevention

Symantec Brightmail Gateway uses bounce attacks prevention to eliminate NDRs that are a result of such redirection while still delivering legitimate NDRs.Once your system is configured for bounce attack prevention, Symantec Brightmail Gateway calculates a unique tag that uses the provided seed value as well as the current date. Your Scanner attaches this tag to outbound messages sent by users in your defined policy groups. If the message is then returned as undeliverable, the envelope's return address will contain this tag.When the system receives a message that appears to be a message returned as undeliverable, the system will compare the inbound message's recipient with the policy group configuration to see if the user's policy group is configured for bounce attack prevention. If the policy group is configured, the system calculates a new tag that includes the seed value and current date, then uses that new tag to validate the tag in the email.

Sources:

http://spamlinks.net/prevent-secure-backscatter.htm

http://www.gzone.it

http://seer.entsupport.symantec.com/docs/322196.htm

http://seer.entsupport.symantec.com/docs/322196.htm
http://www.gzone.it/
http://spamlinks.net/prevent-secure-backscatter.htm

Bounce Rate and Exit Rate | How to reduce Bounce Rate

Bounce Rate and Exit Rate | How to reduce Bounce Rate

Education
Backscatter Computed Tomography Development Overview

Backscatter Computed Tomography Development Overview

Documents
Bounce Estudiantepdf

Bounce Estudiantepdf

Documents
Comparison between integrated backscatter intravascular

Comparison between integrated backscatter intravascular

Documents
Radar Coherent Backscatter -  · Radar Coherent Backscatter! Pixels in a radar image are a complex phasor representation of the coherent backscatter from the resolution element on

Radar Coherent Backscatter -  · Radar Coherent Backscatter! Pixels in a radar image are a complex phasor representation of the coherent backscatter from the resolution element on

Documents
Bathymetric and Backscatter Analyses of Fisheries R/V ...oceanica.cofc.edu/beamsprogram/images/Photo Galleries...RESULTS: Classified Backscatter Classified Backscatter Bathymetric

Bathymetric and Backscatter Analyses of Fisheries R/V ...oceanica.cofc.edu/beamsprogram/images/Photo Galleries...RESULTS: Classified Backscatter Classified Backscatter Bathymetric

Documents
Backscatter and Ambient Communication

Backscatter and Ambient Communication

Documents
The Fundamentals of Backscatter Radio and RFID Systems · The Fundamentals of Backscatter Radio and RFID Systems ... Part I 1. Introduction to Backscatter Radio and RFID 2. ... and

The Fundamentals of Backscatter Radio and RFID Systems · The Fundamentals of Backscatter Radio and RFID Systems ... Part I 1. Introduction to Backscatter Radio and RFID 2. ... and

Documents
NZNOG ’07 ‘Dealing with Joe Jobs’ or how to cope with spam backscatter attacks Simon Howard

NZNOG ’07 ‘Dealing with Joe Jobs’ or how to cope with spam backscatter attacks Simon Howard

Documents
When you bounce a ball, how high will it bounce?

When you bounce a ball, how high will it bounce?

Documents
Integrated Backscatter Intravascular Ultrasoundcdn.intechopen.com/...Integrated_backscatter_intravascular_ultrasound.pdf · Integrated Backscatter Intravascular Ultrasound 43 attenuation

Integrated Backscatter Intravascular Ultrasoundcdn.intechopen.com/...Integrated_backscatter_intravascular_ultrasound.pdf · Integrated Backscatter Intravascular Ultrasound 43 attenuation

Documents
Technology: Ambient Backscatter

Technology: Ambient Backscatter

Technology
Ambient backscatter for 6G MTC

Ambient backscatter for 6G MTC

Documents
Billy Bounce

Billy Bounce

Documents
Backscatter Radar

Backscatter Radar

Documents
One Bounce, Two Bounce

One Bounce, Two Bounce

Education
BOUNCE - sportlomo-userupload.s3.amazonaws.comsportlomo-userupload.s3.amazonaws.com/.../7/bounce... · BOUNCE PRACTISE THE TECHNIQUE 1 2 3 BOUNCE KINg Players into two teams. Team

BOUNCE - sportlomo-userupload.s3.amazonaws.comsportlomo-userupload.s3.amazonaws.com/.../7/bounce... · BOUNCE PRACTISE THE TECHNIQUE 1 2 3 BOUNCE KINg Players into two teams. Team

Documents
Bounce -

Bounce -

Documents
Trampoline upper bounce jumping mats|Buy upper bounce

Trampoline upper bounce jumping mats|Buy upper bounce

Business
Trampoline upper bounce jumping mats|upper bounce jumping mats

Trampoline upper bounce jumping mats|upper bounce jumping mats

Documents
Best of Backscatter Vol1

Best of Backscatter Vol1

Documents
Long-range backscatter from the Mid-Atlantic Ridgeacoustics.mit.edu/faculty/makris/Long-range backscatter...Long-range backscatter from the Mid-Atlantic Ridge Nicholas C. Makris and

Long-range backscatter from the Mid-Atlantic Ridgeacoustics.mit.edu/faculty/makris/Long-range backscatter...Long-range backscatter from the Mid-Atlantic Ridge Nicholas C. Makris and

Documents
RADAR BACKSCATTER FROM RAIN - jhuapl.edu

RADAR BACKSCATTER FROM RAIN - jhuapl.edu

Documents
ASCAT backscatter processing status

ASCAT backscatter processing status

Documents
index-of.esindex-of.es/Attacks/FTP Bounce Attack/Vulnerabilities.pdf · CyberCop Scanner Vulnerability Guide 3 CYBERCOP SCANNER VULNERABILITY GUIDE 1: INFORMATION GATHERING AND RECON

index-of.esindex-of.es/Attacks/FTP Bounce Attack/Vulnerabilities.pdf · CyberCop Scanner Vulnerability Guide 3 CYBERCOP SCANNER VULNERABILITY GUIDE 1: INFORMATION GATHERING AND RECON

Documents
Integrated Backscatter Intravascular Ultrasound

Integrated Backscatter Intravascular Ultrasound

Documents
Wi-fi backscatter

Wi-fi backscatter

Engineering
Ultrasonic Attenuation and Backscatter Coefficient

Ultrasonic Attenuation and Backscatter Coefficient

Documents
Ambient backscatter ppt

Ambient backscatter ppt

Technology
15 Sediment Gages - USGS · 0.2707 c,S372 Velccty and backscatter seres C] Depth-averaøed streamwise vebcfy RMS Curr.tive u at depths backscatter Depth-averaged backscatter Contour

15 Sediment Gages - USGS · 0.2707 c,S372 Velccty and backscatter seres C] Depth-averaøed streamwise vebcfy RMS Curr.tive u at depths backscatter Depth-averaged backscatter Contour

Documents