Backscatter

April 4, 2008

Depending on your e-mail setup, you may have noticed a recent spike in messages claiming that some suspicious-looking missive you sent could not be delivered, while you know damn well you sent no such thing. If you’re seeing these messages they’re most likely the result of e-mail spoofing, and it doesn’t mean that someone’s compromised your account—it just means that they have your e-mail address.

It works like this: a spammer sends a thought-provoking, rational and grammatically flawless appeal to human nature to the entire world while pretending to be you, by putting your e-mail address in the “From:” header. The spammer is not actually using your account to send the messages—they’re using some other account and inserting your name as the sender.

But so what? Well, there are two reasons you see the bounces, and they work together:

  1. the mailserver receiving the spam performs no sender validation (e.g. checking that a message claiming to come from @domain.edu actually arrives from an IP address authorised to send for that domain), so it doesn’t recognise that the sender is spoofed, and the bounce comes to you since you’re in the “From:” hot seat
  2. the same receiving mailserver performs no recipient validation, so instead of rejecting mail for a destination address that does not exist, it accepts the message and then bounces it to the sender, who it thinks is you

The result of all this fun is called backscatter, and amongst other things, results in a lot of e-mails to technical support along the lines of “my account has been hacked.” While that’s always a possibility, in most cases it’s the result of Spamworks, Inc. and the mailservers that enable them by merrily passing on their l1t3rary gen1us to the rest of the world.

Client-side filtering can deal with this to some degree, but you might also talk to your e-mail administrator about flagging these kinds of bounced messages as spam, which is what the originating servers should be doing in the first place.
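As an added illustration of the kind of server-side check the paragraph above asks your administrator for (example code, not from the original post), this Python filter recognises a standards-formatted bounce and flags it as backscatter when the attached “original” never passed through our own outbound host. The host name `mail.example.edu` and both sample bounces are constructed for the example.

```python
import email
from email import policy
# Hypothetical name for our own outbound server (an assumption, not from the post).
OUR_OUTBOUND_HOSTS = {"mail.example.edu"}

def is_dsn(msg):
    """A standard bounce (DSN) is multipart/report with report-type=delivery-status."""
    return (msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type", "").lower() == "delivery-status")

def bounced_original(msg):
    """Return the copy of the message the DSN claims we sent, if one is attached."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def is_backscatter(raw):
    """True for a bounce whose 'original' never passed through our outbound host."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not is_dsn(msg):
        return False
    orig = bounced_original(msg)
    if orig is None:
        return True  # a bounce that hides what we supposedly sent: treat as backscatter
    # Mail we really sent carries a Received line stamped "by <our host>"; spoofed mail
    # does not. Received lines can be forged too, so this flags, it does not prove.
    return not any(f"by {host}" in hop for host in OUR_OUTBOUND_HOSTS
                   for hop in orig.get_all("Received", []))

# Constructed sample: a bounce for spam sent from an unrelated host with a forged From:.
SPOOFED_BOUNCE = b"""\
From: MAILER-DAEMON@mx.elsewhere.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: message/rfc822

Received: from unknown (203.0.113.7) by mx.elsewhere.example; Fri, 4 Apr 2008 10:00:00 +0000
From: victim@example.edu
To: nobody@elsewhere.example
Subject: grammatically flawless appeal to human nature

buy now
--B--
"""
# The same bounce, but here the original really did leave through our outbound host.
GENUINE_BOUNCE = SPOOFED_BOUNCE.replace(b"Received: from unknown", b"Received: from "
    b"desk.example.edu by mail.example.edu; Fri, 4 Apr 2008 09:59:00 +0000\nReceived: from unknown")
```

A mail filter would run `is_backscatter` on each inbound message and route the hits to the spam folder rather than the user's inbox.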



Zero to One-Eighty contains writing on design, opinion, stories and technology.