Non-Delivery Report Spam Should Be Non-Event Spam

by J. Kirk
Sr. Product Solutions Manager
Axway

A recent study shows that there has been a rise in spam attacks designed to look like non-delivery report (NDR) messages.

Let’s say you send an e-mail to a non-existent address. What happens? It bounces back and you get an e-mail that says the message isn’t deliverable. It’s a common event and we’ve all experienced it. And spammers know this. So sometimes, spammers will use your e-mail as the reply-to in their spam campaigns, and you’ll receive a bunch of non-delivery responses sent back from all the non-existent addresses the spammer sent e-mails to.

But in these new cases, something different is happening. It looks like spammers are disguising their spam as non-delivery report messages, duping recipients into clicking on the e-mail because they think they sent a message that wasn’t deliverable. This clever tactic has become one of the most widely used methods for beating much of the anti-spam technology on the market, and it’s revealing countless addresses as worthwhile targets for spammers.

One way to protect against NDR spam is by utilizing Bounce Address Tag Validation (BATV), an industry-based standard that helps you determine whether the bounce address specified in a returned e-mail message is valid (i.e., whether the bounced e-mail actually originated at the e-mail address mentioned inside it). It serves as the first line of defense—an absolute solution—against NDRs and backscatter.
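A sketch of the check BATV performs, added here as an illustration and not taken from Axway or any product: outbound mail gets a signed envelope sender, and an inbound bounce is accepted only if its recipient carries a valid, unexpired tag. It follows the `prvs=KDDDSSSSSS=local@domain` layout of the BATV Internet-Draft; the key, the 7-day lifetime and the function names are assumptions.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"  # constructed; use a private, rotated key in practice
KEY_ID = 0                        # K: one digit identifying the key in use
LIFETIME_DAYS = 7                 # assumed validity window for a tag
TAG = re.compile(r"prvs=([0-9])([0-9]{3})([0-9a-f]{6})=(.+)", re.I)


def _mac(key_id: int, day: int, address: str) -> str:
    """First three bytes (hex) of HMAC-SHA1 over K + DDD + original address."""
    msg = f"{key_id}{day:03d}{address}".encode()
    return hmac.new(SECRET, msg, hashlib.sha1).digest()[:3].hex()


def sign_sender(address: str, today: int) -> str:
    """Tagged envelope sender (MAIL FROM) for outbound mail.

    `today` is the day number, e.g. int(time.time() // 86400).
    """
    expiry = (today + LIFETIME_DAYS) % 1000
    local, domain = address.rsplit("@", 1)
    return f"prvs={KEY_ID}{expiry:03d}{_mac(KEY_ID, expiry, address)}={local}@{domain}"


def check_bounce_rcpt(rcpt: str, today: int) -> str:
    """Classify the RCPT TO of a message that arrived with a null sender (<>)."""
    local, _, domain = rcpt.rpartition("@")
    if not local.startswith("prvs="):
        return "reject: untagged"        # we never sent mail from this address
    m = TAG.fullmatch(local)
    if not m:
        return "reject: malformed"
    key_id, expiry, mac = int(m.group(1)), int(m.group(2)), m.group(3).lower()
    expected = _mac(key_id, expiry, f"{m.group(4)}@{domain}")
    if not hmac.compare_digest(mac, expected):
        return "reject: bad signature"   # tag was not produced with our key
    if (expiry - today) % 1000 > LIFETIME_DAYS:
        return "reject: expired"         # old tag, possibly harvested and replayed
    return "accept"
```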

Still, another way to ensure that this type of NDR-charading spam doesn’t bother you is by demanding DomainKeys Identified Mail (DKIM) in your e-mail security solution.

DKIM attaches address validation tags to outbound e-mails. By simply tagging outbound messages, you’re guaranteeing that you’re not going to run into this NDR problem, as any NDR e-mails you find in your inbox will have this tag. Quite simply, you can be absolutely certain they’re legitimate!

Plus, DKIM eliminates the uncertainty created by NDR spam. You can tell your users that all NDR reports should be taken seriously, that all NDR reports actually refer to genuinely non-existent addresses that they can delete from their database. Everyone’s trust in these valuable reports can be restored.

Finally, in addition to BATV and DKIM, it’s a good idea to make sure that your anti-spam capabilities feature a strong inbound IP-reputation solution, so that even if something is disguised as an NDR, it will be dropped before it hits the network anyway, based solely on its IP address.

By ensuring that these measures are in place, you can rest assured that you’ll be neither victimized by NDR spam nor uncertain about the legitimacy of the valuable NDR reports that do end up in your inbox.

(Photo by Cookipedia: http://www.flickr.com/photos/cookipedia/ / CC BY 2.0)
