Non-Delivery Report Spam Should Be Non-Event Spam

by J. Kirk
Sr. Product Solutions Manager

A recent study shows that there has been a rise in spam attacks designed to look like non-delivery report (NDR) messages.

Let’s say you send an e-mail to a non-existent address. What happens? It bounces back and you get an e-mail that says the message isn’t deliverable. It’s a common event and we’ve all experienced it. And spammers know this. So sometimes, spammers will use your e-mail as the reply-to in their spam campaigns, and you’ll receive a bunch of non-delivery responses sent back from all the non-existent addresses the spammer sent e-mails to.

But in these new cases, something different is happening. Spammers appear to be disguising the spam itself as a non-delivery report, duping recipients into clicking on the e-mail because they think they sent a message that wasn’t deliverable. This clever tactic has become one of the most widely used methods for beating much of the anti-spam technology on the market, and it’s revealing countless addresses as worthwhile targets for spammers.

One way to protect against NDR spam is by utilizing Bounce Address Tag Validation (BATV), an industry-based standard that helps you determine whether the bounce address specified in a returned e-mail message is valid (i.e., whether the bounced e-mail actually originated at the e-mail address mentioned inside it). It serves as the first line of defense—an absolute solution—against NDRs and backscatter.
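The check BATV performs, as an added example (not code from the original article or from any product): the outbound envelope sender is tagged in the `prvs=KDDDSSSSSS=address` form from the BATV specification, and an inbound bounce is accepted only if its recipient carries a valid, unexpired tag. The key, the addresses and the 7-day lifetime are assumptions made for the example.

```python
import hashlib
import hmac
import re

# Constructed demo values (assumptions): one key, numbered 0, and a 7-day tag lifetime.
SECRET_KEYS = {0: b"constructed-demo-key-not-for-production"}
LIFETIME_DAYS = 7
DAY = 86400
TAGGED = re.compile(r"^prvs=(\d)(\d{3})([0-9a-f]{6})=(.+@.+)$", re.IGNORECASE)

def _mac(key_no, ddd, address):
    # First three bytes (six hex digits) of HMAC-SHA1 over key number, expiry day, address.
    msg = f"{key_no}{ddd:03d}{address.lower()}".encode()
    return hmac.new(SECRET_KEYS[key_no], msg, hashlib.sha1).hexdigest()[:6]

def sign_sender(address, now, key_no=0):
    """Return the tagged envelope sender (MAIL FROM) for an outbound message."""
    ddd = (int(now) // DAY + LIFETIME_DAYS) % 1000  # expiry day, low three digits
    return f"prvs={key_no}{ddd:03d}{_mac(key_no, ddd, address)}={address}"

def check_bounce(mail_from, rcpt_to, now):
    """Classify an inbound message at SMTP time: (verdict, original address)."""
    if mail_from not in ("", "<>"):
        return "not-a-bounce", rcpt_to  # only null-sender mail is a delivery report
    m = TAGGED.match(rcpt_to)
    if not m:
        return "reject-untagged", None  # we never sent mail from this bare address
    key_no, ddd, mac, address = int(m[1]), int(m[2]), m[3].lower(), m[4]
    if key_no not in SECRET_KEYS:
        return "reject-unknown-key", None
    if not hmac.compare_digest(mac, _mac(key_no, ddd, address)):
        return "reject-bad-mac", None
    today = (int(now) // DAY) % 1000
    if (ddd - today) % 1000 > LIFETIME_DAYS:  # modular compare survives day-counter wrap
        return "reject-expired", None
    return "accept", address

if __name__ == "__main__":
    now = 1_600_000_000  # constructed timestamp
    tagged = sign_sender("alice@example.com", now)
    for rcpt in (tagged, "alice@example.com"):
        print(rcpt, "->", check_bounce("<>", rcpt, now))
```

Rejecting untagged bounces is only safe once every outbound path for the domain tags its envelope sender; otherwise genuine NDRs for untagged mail are rejected too.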

Still, another way to ensure that this type of NDR-charading spam doesn’t bother you is by demanding DomainKeys Identified Mail (DKIM) in your e-mail security solution.

DKIM attaches address validation tags to outbound e-mails. By simply tagging outbound messages, you’re guaranteeing that you’re not going to run into this NDR problem, as any NDR e-mails you find in your inbox will have this tag. Quite simply, you can be absolutely certain they’re legitimate!

Plus, DKIM eliminates the uncertainty created by NDR spam. You can tell your users that all NDR reports should be taken seriously, that all NDR reports actually refer to genuinely non-existent addresses that they can delete from their database. Everyone’s trust in these valuable reports can be restored.

Finally, in addition to BATV and DKIM, it’s a good idea to make sure that your anti-spam capabilities feature a strong inbound IP-reputation solution, so that even if something is disguised as an NDR, it will be dropped before it hits the network anyway, based solely on its IP address.

By ensuring that these measures are in place, you can rest assured that you’ll be neither victimized by NDR spam nor uncertain about the legitimacy of the valuable NDR reports that do end up in your inbox.

(Photo by Cookipedia / CC BY 2.0)

What to Demand From Your Company’s Anti-Spam Product: A Quick Primer

by J. Kirk
Sr. Product Solutions Manager

In Davos, Switzerland, in 2004, Bill Gates predicted a spam-free world in two years. That, of course, didn’t even come close to fruition, and if you consider what happened from 2006 to 2009—Gates’ predicted utopian era of squeaky-clean inboxes—you have to confront the fact that spam outbreaks actually spiked consistently every twelve months.

You’ve heard all the scary numbers before. Up to 90 percent of all email is spam. One in 300 PCs has a virus. Three hundred thousand PCs get compromised every day. Only about six percent of inbound email is legitimate.

But what should you demand from your company’s anti-spam product to tackle these numbers head on and perhaps make Gates’ wild dream a reality (at least for your inbox)? And what analogy can you use in your organization’s anti-spam chats that pushes these features out of the abstract?

How about the airport?

What analogy could be better?

First, if your anti-spam product has IP reputation and content filtering, it’s performing like that first line of TSA guards who won’t even let you onto the concourse and up to the X-ray machines without a ticket and ID. Spam that can’t prove it has any business being near your inbox simply won’t be near your inbox.

Next, if your anti-spam product has artificial intelligence and image filtering, it’s performing like concourse security, checking IDs and luggage and waving the metal-detector wand. If something’s fishy at the airport checkpoint, the suspect probably isn’t going to make their flight, and likewise, even though the spam might’ve been able to get by the first line of defense, its contents betray it, and the spam is stopped dead in its tracks.

Finally, if your anti-spam product supports a human view, it’s allowing your IT department to perform like the hawk-eyed security guards in the unseen offices at the airport, standing before a large bank of monitors and taking action on the fly. Nothing beats human intuition in security matters, and a robust anti-spam product empowers its users with the information they need to make executive decisions on all inbound email.

Overlapping techniques like these combine to create a surefire method for protecting your organization against spam. Is Bill Gates’ vision of a spam-free world here today? No. But the more organizations insist on quality anti-spam products that boast these features, the less attractive spam will become to the unsavory characters who send it. And who knows? At some point, it might not even be worth their time.

(Photo by Mulad / CC BY 2.0)