Ancar B Technologies – IT Support Yorkshire
phishing »

Network Support in Leeds, Bradford and throughout West Yorkshire

Posts Tagged ‘phishing’

What is Backscatter? Can I stop it?

May 12th, 2010

So, you log into your email Monday morning and there’s 500+ Non-Delivery Reports for emails you haven’t sent. What’s going on. Has your account been hacked? Unlikely. The more likely reason is that you’re a victim of Backscatter.

What is it? In brief, backscatter is the influx of Non Delivery Reports (or NDR’s) into a victim’s Mail Server (or MTA).

What is an NDR?

Mail Transfer Agents support a service called Delivery Status Notification (DSN) which allows end users to be notified of the status of an email, such as the successful or failed delivery of email messages.

A non-delivery report is a status message sent by the recipient or interim email server that informs the sender of a email message delivery failure. There are several issues that can trigger an NDR, the most common are when the recipient of the message does not exist or when the destination mailbox is full.

Smarter Spamming?

Email servers offer a simple measure against SPAM by only accepting emails that have a valid source domain.

i.e. The domain exists.

Spammers are aware of this and have a simple way of bypassing this check which is to mimic email addresses from a valid domain.

Spammers use several methods for harvesting email addresses from the web. One method is the use of “Web Spiders”. Spiders crawl the Internet and web sites for email addresses that can be added to a database to be both a recipient, and used as a valid email address for sending spam.

From SPAM to Backscatter

So now you’re in the database, you’re likely to be targeted for the receipt of SPAM, and unfortunately it’s likely that a Spammer is going to use your email address at some point to send a batch of SPAM emails.

Even though you’re not the true source of the emails, you are the legitimate owner of the “Senders” address. As such any Non-Delivery Report is going to be returned to you.

So depending on the frequency of abuse, or indeed the size of the attack, you could potentially about to receive thousands of Non-Delivery Reports thanks to a spammer.

Can it be stopped?

Unfortunately it is easy to mimic someones email address, however there are measures to firstly prevent you being the source of such a violation, and secondly reduce or prevent the influx of backscatter.

The “Sender Policy Framework” or SPF have introduced additional DNS Records (SPF Records) that allow you to specify who is allowed to send email from your domain (Mail Servers). This way, if an email is received by a mail server from a source other than defined in your SPF record, the connection will be dropped and the email will not be processed.

Note: Googlemail, Hotmail and Microsoft are already implementing policies whereby if an SPF record does not exist, your email may be rejected.

Other options include disabling all catchall or wild-card mailboxes. When this feature is disabled the spammer has to match your exact email address and not your domain, so your mail server will not be accepting non-delivery reports for email addresses which do not exist on your mail server.

It is also recommended that you configure your mail server to reject during SMTP transmission rather than bounce email messages which cannot be delivered. Email servers such as Microsoft Exchange, Postfix, Sendmail and Qmail have patches to improve the behavior to create less backscatter.

A better solution

Using an external host to relay and filter your inbound email can prevent the receipt of SPAM and Backscatter, as well as reduce the loads generated by SPAM on your local mail servers.

Be low are a few more resources to give a little more information on the subject.

The Backlash!

The source of a Backscatter attack is no the SPAMMER, but it is the servers that are not configured to reject emails for invalid email addresses. These servers, although they’re the victim of an actual SPAM attack are now being listed on a UCE Blacklist (http://www.backscatterer.org/), which in turn gets your outbound email rejected due to your server being listed on a Black List.

As you can see, it is important to configure your email and DNS services correctly to ensure your neither the subject of a backscatter storm, nor listed unknowingly in a Blacklist.

Other Resources

Open SPF – http://www.openspf.org/
SPF Record Creator – http://old.openspf.org/wizard.html
Microsoft Sender ID Framework - http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
Reducing Backscatter on Exchange – http://www.avianwaves.com/Blog/default.aspx?id=31

No comments »

Posted in Communications, Hints & Tips

Tags: backscatter crawler MTA NDR NDR spam phishing security spam spamming spiders

Top Tips for cutting out SPAM

April 27th, 2010

SpamCop is currently having 92 million reported Spamming sources per month, and Ancar B Technologies Anti Spam solution is filtering over 3 million emails a month of which less than 15% is HAM. With such a volume of Spam email in your inbox, we’re wasting more and more time filtering though the junk in our mailboxes.

Free email services such as Hotmail and Googlemail offer a high level of filtering services as standard, but these are geared towards individual users.

For the rest of us, here are a few top tips to prevent help prevent the infestation of Spam in your inbox.

Top Tops for Spam Reduction

Disable the Automatic Download of Images – Applications such as Outlook do this as standard. Why? Firstly, it saves on bandwidth if you don’t really need the image. Secondly, and more importantly, spammers can track which users download the images which allows them to track legitimate email addresses and record them for futher spam attacks.
Never follow links in SPAM – Again, URL tracking is in place which allows a Spammer to tack and target legitimate addresses.
Avoid the use of a Catch All address – Put simply, you’re generating a honeypot for spammers as every possible conceivable email address will be valid and you will receive far more SPAM in your inbox.
Use generic email addresses on the web – Never use a private email address on web sites. Web Crawlers are constntly trawling for email addresses to add to their database. So use info@ rather than your personal email to keep the SPAM out of your inbox.
Sign up for a Googlemail Account – And use it just for signing up to sites/forums or any other site you need to enter an email address in order to access information. As mentioned previously, they have great SPAM filtering systems and it keeps your inbox clean. Googlemail
Read Privacy Policies – Following on from the last point, don’t just tick the box and sign up. Read a web sites privacy policy to ensure they’re not going to pass on your details. Additionally, watch out for “pre-checked” boxes signing you up to mailshots.
Use an email client with a Junk Filter – Microsoft Outlook and Mozilla Thunderbird both have built in filtering engines to help keep your Spam email under control.
Never use TO or CC on Mailshots – A mistake made by many people. Always BCC users on a Bulk Mailshot. This keeps the groups email addresses private and prevents mail loops and mail scatter.
Disable Automatic Read Receipts – Your just letting Spammers know they can send you more mail.
NEVER REPLY TO SPAM – Need we say more?
Do not pass on Chain Messages – They may occasionally be funny, but read down the next one you receive. How many email addresses appear in the message. your just adding yourself to a long list of email addresses ready to be added to a database.
Report Spam – www.spamcop.net – Report any Spam you receive to help yourself and others in the future.
Consider a Mail Filtering Service – Of course, Ancar B Technologies offers a mail filtering service, but to be impartial, I can also recommend Symantec’s Websense

Avoiding Phishing and ID Theft

Phishing is quickly becoming one of the biggest forms of Spam and is now considered the biggest global threat for Fraud. Here are a few simple tips for ensuring your protection.

Never Contribute to Charity Emails – If you want to donate, visit the Charities official web site.
A Bank will NEVER ask you for your details – Under no circumstances will a bank ask you for your personal information on an email. You know who you bank with, if you want to log in to check anything, go to their site yourself.
If it looks like spam, it probably is – Simply delete it.
Never provide personal information – If an email asks you for personal information, delete it.

These steps are only simple, and generally common sense prevails. But following these simple tips will reduce the Spam in your inbox and also provide protection against Identity Theft and Fraud from Phishing emails.

Happy Emailing!