
Backscatter Spam


New type of spam attack is growing exponentially

We reported two weeks ago that User-groups.net and graphic-design.com were pounded and pounded for several days by thousands of Backscatter Spam. To guard ourselves, I deleted ALL the email addresses to both domains, switching exclusively to SpamCop. Now, my email was bouncing back to them. The problem is, it was bouncing good mail too. Hundreds of contacts had to be notified of the switch. Fortunately, I caught it early enough and was able to avoid the fate of another site, freedom-to-tinker.com, which was hit last week, and as of today, has still not come back up.

In Backscatter Spam the spammer grabs your e-mail address, using it in the from-line of a mass-spam. The rest of the spam is the same as usual. Since the "sent from" line looks legit, email filters intercept the spam. If it hits a dead address then the mail bounces back to -- guess who? You -- that's who. Or, in our case, ME!

A recent ComputerWorld.com article reports that this type of spam attack is growing exponentially.

Backscatter Spam Tips from Fred:

You can stop sending mail about this problem. Since I first reported on the spam slam, I've received over 100 emails from other users having the same problem. So far, it cannot easily be reported to SpamCop or the other automated spam reporting systems. So, if you're one of the unfortunate email users to be hit by 'backscatter spam' (See article #2 above) here is an easy way to deal with it immediately:

1) Create a folder: in your email program, set up a new folder called "bounces"
2) Filter "Subject": set up a filter which parses the "Subject" line for the following:
* undeliverable
* deliver
* failed
* undelivered
* failure
* blocked
3) Filter "Sender": set up a filter which parses the "Sent By" field. (Some filters will allow multiple criteria. If yours does, you can add this to the "Subject" filter too.)
* postmaster
* MAILER-DAEMON
* localhost

Set the filter to move these emails into your newly created "bounces" folder. From there you can search for the "good" bounces, if there are any. Usually, you'll remember people you emailed to in the past 24 hours or so, and you can visually check those out in the Bounces folder listing. Once you're satisfied no good mail has been filtered, you can simply delete all the spams. For a very small measure of pleasure, Mac users can just select all, and click the "bounce" button to bounce the mail back to the senders. But I didn't advocate that.
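The same sorting rule as a small script, for readers who filter mail outside a desktop client. This is an added example, not part of the original tips: it uses the keyword lists from steps 2 and 3, treats the From header as the "Sent By" field (an assumption), and runs on constructed sample messages. It also lists messages that matched on subject alone, since those are the likeliest "good" mail to look for in the bounces folder.

```python
from email import message_from_string

# Keyword lists exactly as given in steps 2 and 3 above.
SUBJECT_WORDS = ("undeliverable", "deliver", "failed", "undelivered", "failure", "blocked")
SENDER_WORDS = ("postmaster", "mailer-daemon", "localhost")

def classify(raw_message):
    """Return (folder, reasons) for one raw message; matching is case-insensitive."""
    msg = message_from_string(raw_message)
    subject = (msg.get("Subject") or "").lower()
    sender = (msg.get("From") or "").lower()   # assumed equivalent of "Sent By"
    reasons = []
    hit = next((w for w in SUBJECT_WORDS if w in subject), None)
    if hit:
        reasons.append("subject:" + hit)
    hit = next((w for w in SENDER_WORDS if w in sender), None)
    if hit:
        reasons.append("sender:" + hit)
    return ("bounces" if reasons else "inbox"), reasons

def sort_mail(raw_messages):
    """Sort into folders and list subject-only hits that deserve a manual look."""
    folders = {"inbox": [], "bounces": []}
    review = []
    for raw in raw_messages:
        folder, reasons = classify(raw)
        subject = message_from_string(raw).get("Subject", "")
        folders[folder].append(subject)
        if folder == "bounces" and not any(r.startswith("sender:") for r in reasons):
            review.append(subject)
    return folders, review

# Constructed sample messages (headers only matter here).
SAMPLES = [
    "From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.net>\n"
    "Subject: Undelivered Mail Returned to Sender\n\nbody\n",
    "From: Pat <pat@client.example>\n"
    "Subject: Delivery schedule for the brochure\n\nbody\n",
    "From: postmaster@mail.example.org\n"
    "Subject: Returned mail: see transcript\n\nbody\n",
    "From: Lynn <lynn@example.com>\nSubject: Lunch Friday?\n\nbody\n",
]

if __name__ == "__main__":
    folders, review = sort_mail(SAMPLES)
    print(folders)
    print("check by hand:", review)
```

The second sample shows why the manual check matters: the short keyword "deliver" also matches ordinary subjects such as "Delivery schedule".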

Isn't it a true travesty that good people have to put up with this garbage from the bad people in the world? Too bad IPv6 is not fully implemented.

For now, there's a solution for Windows users:

Astaro Corporation has deployed Astaro Security Gateway, which can detect and block what is known as backscatter.

Astaro Security Gateway implements an open source solution called BATV, which stands for Bounce Address Tag Validation, in order to combat this type of spam. This program embeds an encrypted signature into the hidden header of every outgoing mail message. Every time a bounce email comes into the Astaro product, it checks for this code. "If the signature is not there," says Astaro Product Evangelist Angelo Comazzetto, "we know with great certainty that the message did not originate from someone behind our device, and the message can thus be disposed of."

Spammers use backscatter to target email recipients by means of creating false "bounce" messages to them. Due to the legitimate-looking nature of this type of message, it has a very high open/read rate compared to normal spam. Further, many inferior mail-filters automatically pass bounce messages through their various anti-spam checks in order to ensure delivery of the notification-style message to the user. The spammer has therefore met his objective and delivered his message to the intended recipient through a third party mail server, and the user is highly likely to read it.

BATV is enabled by default in Astaro Security Gateway and can be toggled by way of a single check box.

Comazzetto explains further, "While rare, administrators of those domains that have any issues with BATV can make use of a granular exceptions list that can be used to remove senders, recipients, or entire domains from BATV and/or our other checks."
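A sketch of the sign-then-check idea behind BATV, added here as an illustration and not Astaro's code. It is modelled on the `prvs=` tag of the public BATV draft, where the signature travels in the envelope sender that bounces are returned to; the key, the 7-day lifetime and the day numbers are constructed for the example.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed; a real key never leaves the gateway
KEY_ID = 0                         # one-digit key number carried in the tag
LIFETIME_DAYS = 7                  # assumed validity window for a tag

def _mac(key_id, expiry, address):
    """First 3 bytes (6 hex digits) of HMAC-SHA1 over key id, expiry day, address."""
    data = f"{key_id}{expiry:03d}{address.lower()}".encode()
    return hmac.new(SECRET, data, hashlib.sha1).hexdigest()[:6]

def sign(address, today):
    """Tag an outgoing envelope sender; `today` is a day number (days since epoch)."""
    expiry = (today + LIFETIME_DAYS) % 1000
    return f"prvs={KEY_ID}{expiry:03d}{_mac(KEY_ID, expiry, address)}={address}"

def validate(rcpt, today):
    """Check the recipient address of a bounce; return (ok, address or reason)."""
    if not rcpt.lower().startswith("prvs="):
        return False, "untagged"
    tag, sep, address = rcpt[5:].partition("=")
    if not sep or len(tag) != 10 or not tag[:4].isdecimal():
        return False, "malformed"
    key_id, expiry, mac = int(tag[0]), int(tag[1:4]), tag[4:].lower()
    if not hmac.compare_digest(mac.encode(), _mac(key_id, expiry, address).encode()):
        return False, "bad signature"
    if (expiry - today) % 1000 > LIFETIME_DAYS:
        return False, "expired"
    return True, address

def handle(mail_from, rcpt, today):
    """Apply the check only to bounces, which arrive with an empty MAIL FROM."""
    if mail_from != "":
        return "pass to normal filtering"
    ok, detail = validate(rcpt, today)
    return f"deliver to {detail}" if ok else f"reject ({detail})"

if __name__ == "__main__":
    day = 14000  # constructed day number
    tagged = sign("fred@example.com", day)
    print(tagged)
    print(handle("", tagged, day + 2))              # bounce of mail we really sent
    print(handle("", "fred@example.com", day + 2))  # backscatter: no tag present
    print(handle("", tagged, day + 30))             # stale tag replayed later
```

A spammer who forges the plain address never sees a valid tag, so the resulting bounce arrives untagged and is rejected, while bounces of mail the gateway actually sent carry a tag that verifies.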

Astaro Corporation is headquartered in Burlington, Massachusetts and Karlsruhe, Germany. The Astaro Security Gateway, simplifying Email, Web & Network Security, has won numerous industry awards and is protecting over 30,000 networks in 60 countries. Astaro products are distributed by a worldwide network of nearly 2,500 solution partners who offer local support and services. For more information, please visit www.astaro.com. Burlington, MA (May 08, 2008)

CREDITS:
Reviewed by Fred Showker for the User Group Network News Service. (C) 2008, all rights reserved. Affiliate groups may freely republish this piece so long as they include the tag line: "From the User Group Network News Service at http://www.user-groups.net/ "

 
