Where do Bounce Messages come From?

akki (Guest)
Today I want to give you all a little information from the Email Security Frontier. Maybe you have already noticed that the amount of spam in your email inbox is increasing from day to day and that most email providers have installed "spam filters" or "anti-spam policies". I can tell you from experience that keeping your inbox as clean as possible is a real issue for us (the providers).

Recently I have also seen an increasing number of NDRs. (What that is: http://en.wikipedia.org/wiki/Bounce_message)

Now, a little story to explain this in a bit more depth.

John Doe, sitting in his office, was scrolling through email in his inbox when he noticed an email with this subject line:

Mail delivery failed: returning message to sender

John thought to himself, “Message delivery failed? Did my message to Jane get blocked?” He then proceeded to open the message and found that it was an online pharmacy spam message he had allegedly sent. John is initially puzzled because he never sent that message himself. Soon, he realizes that the message is NDR spam.

Now... I have observed a wave of non-delivery receipt (NDR) attacks over the past month. While this technique is certainly not new, a spike in volume was significant enough for me to take a deeper look. A lot of people are confused about these messages. Where do they come from? What is the purpose?

This spam type utilizes a crafty technique:
Rather than inserting the spam victims' email addresses in the "To" line of the message, NDR spammers insert the addresses into the "From" line. Next, the spammer sends that message to a mail server with a random (nonexistent) mailbox as the destination. The message travels to the destination, only to get bounced back to the original "sender" because the mailbox does not exist. Because the "From" line has been spoofed, the spam victim receives the bounced spam message.

Some mail servers are configured to include the entire original message in the bounce. This is the desired result of the NDR spammer, because the spam victim will look at the original spam when combing through the bounce message.

The spammer is gambling on the recipient having a higher likelihood of opening this type of message, since the subject line is vague enough not to indicate obvious spam. Most people use their email accounts daily, and when they see a bounce message the natural instinct is to open it and check which of their sent messages was not received. Of course, if you haven't sent an email recently and you receive a bounce message in your inbox, it is quite likely NDR spam. NDR spam appears to be the method of choice for spammers lately. The bottom line is: do not open bounce messages unless you have recently sent mail.

Otherwise you might end up with a virus or worm on your computer.

If you have questions, please feel free to PM me or reply to this post.
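Added example, not part of akki's post: the post explains that a bounce goes to whatever address was in the envelope sender, which is why forging the "From" of a spam message lands the NDR in the victim's inbox. On the provider side the standard answer is to tag the envelope sender of every outgoing message with a keyed, expiring token (the BATV "prvs" scheme), so that a bounce addressed to an untagged, expired or badly signed address can be recognised as backscatter before it reaches the user. The code below is this editor's own illustration of that check, run over a constructed sample DSN modelled on the bounce in the story. It assumes a per-site secret (`SECRET_KEY`), HMAC-SHA256 for the tag (the draft allows any HMAC), a `Delivered-To` header carrying the SMTP RCPT TO address, and sample addresses and message bodies that are made up for the example.

```python
"""Backscatter (NDR spam) detection with a BATV-style tagged envelope sender.

Added example; not code from the original post. The tag layout follows the
"prvs" form of the BATV Internet-Draft (prvs=KDDDSSSSSS=local@domain). The
secret, the day counter and the sample bounce are this example's assumptions.
"""
import email
import hashlib
import hmac
from email import policy

KEY_VERSION = "0"                                # single digit, as in BATV
SECRET_KEY = b"example-only-rotate-this-secret"  # assumption: per-site secret
MAX_TTL_DAYS = 30                                # longest tag lifetime we issue


def _tag(local: str, domain: str, expiry_day: int) -> str:
    """KDDDSSSSSS: key version, expiry day (mod 1000), 6 hex chars of the HMAC."""
    data = f"{KEY_VERSION}{expiry_day:03d}{local}@{domain}".encode()
    digest = hmac.new(SECRET_KEY, data, hashlib.sha256).hexdigest()
    return f"{KEY_VERSION}{expiry_day:03d}{digest[:6]}"


def sign_sender(address: str, today: int, ttl_days: int = 7) -> str:
    """Tag the envelope sender (MAIL FROM) of outgoing mail; `today` is a day count."""
    local, domain = address.rsplit("@", 1)
    return f"prvs={_tag(local, domain, (today + ttl_days) % 1000)}={local}@{domain}"


def verify_sender(address: str, today: int):
    """Check the envelope recipient of an incoming bounce.

    Returns (verdict, untagged address). Only "ok" means the bounce answers mail
    we really sent; "untagged", "forged" and "expired" all mean backscatter.
    """
    if "@" not in address:
        return "forged", None
    local, domain = address.rsplit("@", 1)
    if not local.startswith("prvs="):
        return "untagged", address
    parts = local.split("=", 2)
    if len(parts) != 3:
        return "forged", None
    _, tag, orig_local = parts
    if (len(tag) != 10 or tag[0] != KEY_VERSION
            or not tag[1:4].isdigit() or not tag.isascii()):
        return "forged", None
    expiry_day = int(tag[1:4])
    if not hmac.compare_digest(_tag(orig_local, domain, expiry_day), tag):
        return "forged", None
    # Days until expiry on the 1000-day wheel; more than we ever issue means past.
    if (expiry_day - today) % 1000 > MAX_TTL_DAYS:
        return "expired", f"{orig_local}@{domain}"
    return "ok", f"{orig_local}@{domain}"


def make_bounce(delivered_to: str, bounced_from: str, bounced_subject: str) -> bytes:
    """Constructed sample DSN (multipart/report), modelled on the bounce in the story."""
    return f"""\
Delivered-To: {delivered_to}
From: Mail Delivery System <MAILER-DAEMON@mail.example.net>
To: {delivered_to}
Subject: Mail delivery failed: returning message to sender
Content-Type: multipart/report; report-type=delivery-status; boundary="=_dsn"

--=_dsn
Content-Type: text/plain

A message that you sent could not be delivered to nosuchuser@example.net

--=_dsn
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example.net

Final-Recipient: rfc822; nosuchuser@example.net
Action: failed
Status: 5.1.1

--=_dsn
Content-Type: message/rfc822

From: {bounced_from}
To: nosuchuser@example.net
Subject: {bounced_subject}
Content-Type: text/plain

(original message body)

--=_dsn--
""".encode()


def classify_bounce(raw: bytes, today: int) -> dict:
    """Decide whether a DSN answers our own mail, and pull out what it bounced."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Assumption: the MTA recorded the SMTP RCPT TO address in Delivered-To.
    # In production take it from the SMTP transaction, never from To:/From:.
    rcpt = msg["Delivered-To"]
    result = {"is_dsn": msg.get_content_type() == "multipart/report",
              "subject": str(msg["Subject"])}
    if rcpt is None:
        result["verdict"] = "unknown"
        return result
    result["verdict"], result["original_sender"] = verify_sender(str(rcpt), today)
    for part in msg.walk():                       # the spam rides inside message/rfc822
        if part.get_content_type() == "message/rfc822":
            inner = part.get_payload(0)
            result["bounced_from"] = str(inner["From"])
            result["bounced_subject"] = str(inner["Subject"])
    return result
```

Usage: call `sign_sender("john.doe@example.com", today)` when the MTA sends mail and use the result as MAIL FROM; on inbound null-sender mail, pass the raw message and the same day counter (`date.today().toordinal()` works) to `classify_bounce`. A bounce delivered to the plain, untagged address is exactly the case in the story: nobody at your site ever sent that message, so the NDR can be rejected or quarantined without the user seeing the spam payload inside it. The day counter wraps every 1000 days, so the expiry check only compares distance on that wheel against the longest lifetime you actually issue.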