Security: Backscatter Spam
New type of spam attack is growing exponentially
We reported two weeks ago that User-groups.net and graphic-design.com were pounded and pounded for several days by thousands of Backscatter Spam messages. To guard ourselves, I deleted ALL the email addresses to both domains, switching exclusively to SpamCop. Now, my email was bouncing back to them. The problem is, it was bouncing good mail too. Hundreds of contacts had to be notified of the switch. Fortunately, I caught it early enough and was able to avoid the fate of another site, freedom-to-tinker.com, which was hit last week, and as of today, has still not come back up.
In Backscatter Spam the spammer grabs your e-mail address, using it in the from-line of a mass-spam. The rest of the spam is the same as usual. Since the "sent from" line looks legit, email filters intercept the spam. If it hits a dead address then the mail bounces back to -- guess who? You -- that's who. Or, in our case, ME!
A recent ComputerWorld.com article reports that this type of spam attack is growing exponentially.
For now, there's a solution for Windows users:
Astaro Corporation has deployed Astaro Security Gateway, which can detect and block what is known as backscatter.
Astaro Security Gateway implements an open source solution called BATV, which stands for Bounce Address Tag Validation, in order to combat this type of spam. This program embeds an encrypted signature into the hidden header of every outgoing mail message. Every time a bounce email comes into the Astaro product, it checks for this code. "If the signature is not there," says Astaro Product Evangelist Angelo Comazzetto, "we know with great certainty that the message did not originate from someone behind our device, and the message can thus be disposed of."
Spammers use backscatter to target email recipients by means of creating false "bounce" messages to them. Due to the legitimate-looking nature of this type of message, it has a very high open/read rate compared to normal spam. Further, many inferior mail-filters automatically pass bounce messages through their various anti-spam checks in order to ensure delivery of the notification-style message to the user. The spammer has therefore met his objective and delivered his message to the intended recipient through a third party mail server, and the user is highly likely to read it.
BATV is enabled by default in Astaro Security Gateway and can be toggled by way of a single check box.
Comazzetto explains further, "While rare, administrators of those domains that have any issues with BATV can make use of a granular exceptions list that can be used to remove senders, recipients, or entire domains from BATV and/or our other checks."
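The outbound tagging and inbound bounce check described above, sketched as an added example (not Astaro's code and not part of the original article). It follows the "prvs" scheme from the BATV Internet-Draft, which tags the envelope sender address with a truncated keyed hash; the secret, key number, 7-day lifetime and example.org addresses are constructed assumptions.

```python
import hashlib
import hmac
import re
import time

SECRET = b"constructed-demo-secret"   # assumption: per-site secret, never published
KEY_ID = 0                            # single-digit key number (K), allows key rotation
LIFETIME_DAYS = 7                     # assumption: how long a tag stays valid
TAGGED = re.compile(r"prvs=([0-9])([0-9]{3})([0-9a-fA-F]{6})=(.+)")

def day_number(ts=None):
    """Days since the Unix epoch; callers may pass a fixed value for testing."""
    return int((time.time() if ts is None else ts) // 86400)

def _sig(key_id, day, addr, secret):
    # First 3 bytes (6 hex digits) of HMAC-SHA1 over K + DDD + original address.
    msg = f"{key_id}{day:03d}{addr}".encode()
    return hmac.new(secret, msg, hashlib.sha1).hexdigest()[:6]

def tag_sender(addr, today, secret=SECRET, key_id=KEY_ID):
    """Outgoing mail: rewrite the envelope sender to prvs=KDDDSSSSSS=user@domain."""
    day = (today + LIFETIME_DAYS) % 1000          # expiry day, modulo 1000
    return f"prvs={key_id}{day:03d}{_sig(key_id, day, addr, secret)}={addr}"

def check_bounce_rcpt(rcpt, today, secret=SECRET):
    """Return the original address if rcpt carries a valid, unexpired tag, else None."""
    m = TAGGED.fullmatch(rcpt)
    if not m:
        return None                                # untagged: we never sent from this
    key_id, day, sig, addr = int(m[1]), int(m[2]), m[3].lower(), m[4]
    if not hmac.compare_digest(sig, _sig(key_id, day, addr, secret)):
        return None                                # forged or altered tag
    if (day - today) % 1000 > LIFETIME_DAYS:
        return None                                # tag has expired
    return addr

def accept_message(mail_from, rcpt_to, today):
    """Only bounces (null envelope sender, MAIL FROM:<>) are subject to the tag check."""
    if mail_from != "":
        return True                                # ordinary mail: other filters apply
    return check_bounce_rcpt(rcpt_to, today) is not None

if __name__ == "__main__":
    today = day_number()
    tagged = tag_sender("alice@example.org", today)   # constructed address
    print(tagged, accept_message("", tagged, today))
    print("untagged bounce accepted:", accept_message("", "alice@example.org", today))
```

Because the tag is only 24 bits of the HMAC, the expiry window and key rotation matter: they limit how long a tag harvested from a delivered message can be replayed as a bounce recipient.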
Astaro Corporation is headquartered in Burlington, Massachusetts and Karlsruhe, Germany. The Astaro Security Gateway, simplifying Email, Web & Network Security, has won numerous industry awards and is protecting over 30,000 networks in 60 countries. Astaro products are distributed by a worldwide network of nearly 2,500 solution partners who offer local support and services. For more information, please visit www.astaro.com. Burlington, MA (May 08, 2008)