Backscatter (e-mail)
   HOME
*





Backscatter (e-mail)
Backscatter (also known as outscatter, misdirected bounces, blowback or collateral spam) is incorrectly automated bounce messages sent by mail servers, typically as a side effect of incoming spam. Recipients of such messages see them as a form of unsolicited bulk email or spam, because they were not solicited by the recipients, are substantially similar to each other, and are delivered in bulk quantities. Systems that generate email backscatter may be listed on various email blacklists and may be in violation of internet service providers' Terms of Service. Backscatter occurs because worms and spam messages often forge their sender addresses. Instead of simply rejecting a spam message, a misconfigured mail server sends a bounce message to such a forged address. This normally happens when a mail server is configured to relay a message to an after-queue processing step, for example, an antivirus scan or spam check, which then fails, and at the time the antivirus scan or spam check ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Bounce Message
A bounce message or just "bounce" is an automated message from an email system, informing the sender of a previous message that the message has not been delivered (or some other delivery problem occurred). The original message is said to have "bounced". This feedback may be immediate (some of the causes described here) or, if the sending system can retry, may arrive days later after these retries end. More formal terms for bounce message include "Non-Delivery Report" or "Non-Delivery Receipt" (NDR), ailed"Delivery Status Notification" (DSN) message, or a "Non-Delivery Notification" (NDN). Classification Although the SMTP is a mature technology, counting more than thirty years, the architecture is increasingly strained by both normal and unsolicited load. The email systems have been enhanced with reputation systems tied to the actual sender of the email, with the idea of recipient's email servers rejecting email when a forged sender is used in the protocol. Therefore, two types ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Internet Engineering Task Force
The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and all its participants are volunteers. Their work is usually funded by employers or other sponsors. The IETF was initially supported by the federal government of the United States but since 1993 has operated under the auspices of the Internet Society, an international non-profit organization. Organization The IETF is organized into a large number of working groups and birds of a feather informal discussion groups, each dealing with a specific topic. The IETF operates in a bottom-up task creation mode, largely driven by these working groups. Each working group has an appointed chairperson (or sometimes several co-chairs); a charter that describes its focus; and what it is expected to produce, and when. It is open to all who want to particip ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


SpamCop
SpamCop is an email spam reporting service, allowing recipients of unsolicited bulk or commercial email to report IP addresses found by SpamCop's analysis to be senders of the spam to the abuse reporting addresses of those IP addresses. SpamCop uses these reports to compile a list of computers sending spam called the "SpamCop Blocking List" or "SpamCop Blacklist" (SCBL). History SpamCop was founded by Julian Haight in 1998 as an individual effort. As the reporting service became more popular, staff were added and the SCBL became more useful. It has commonly been the target of DDoS attacks and lawsuits from organizations listed in the SCBL. Email security company IronPort Systems announced its acquisition of SpamCop on November 24, 2003, but it remained independently run by Julian Haight. A small staff and volunteer help in its forum. IronPort agreed to become a division of Cisco Systems on January 4, 2007, effectively making SpamCop a Cisco service. Julian Haight left appro ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  




Joe Job
A Joe job is a spamming technique that sends out unsolicited e-mails using spoofed sender data. Early Joe jobs aimed at tarnishing the reputation of the apparent sender or inducing the recipients to take action against them (see also email spoofing), but they are now typically used by commercial spammers to conceal the true origin of their messages and to trick recipients into opening emails apparently coming from a trusted source. Origin and motivation The name "Joe job" originated from such a spam attack on Joe Doll, webmaster of joes.com, in 1997. One user's joes.com account was removed due to advertising through spam. In retaliation, the user sent new spam with headers forged to make it appear that Joe Doll was responsible. Besides prompting angry replies, it also caused joes.com to fall prey to denial-of-service attacks, from anti-spam vigilantes who thought he had sent the mail, that temporarily took the site down. Some e-mail Joe jobs are acts of revenge like the original ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Bounce Address Tag Validation
In computing, Bounce Address Tag Validation (BATV) is a method, defined in an Internet Draft, for determining whether the bounce address specified in an E-mail message is valid. It is designed to reject backscatter, that is, bounce messages to forged return addresses. Overview The basic idea is to send all e-mail with a return address that includes a timestamp and a cryptographic token that cannot be forged. Any e-mail that is returned as a bounce without a valid signature can then be rejected. E-mail that is being bounced back should have an empty (null) return address so that bounces are never created for a bounce and therefore preventing messages from bouncing back and forth forever. BATV replaces an envelope sender like mailbox@example.com with prvs=''tag-value''=mailbox@example.com, where prvs, called "Simple Private Signature", is just one of the possible tagging schemes; actually, the only one fully specified in the draft. The BATV draft gives a framework that other poss ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Transparent SMTP Proxy
SMTP proxies are specialized mail transfer agents (MTAs) that, similar to other types of proxy servers, pass SMTP sessions through to other MTAs without using the store-and-forward approach of a typical MTA. When an SMTP proxy receives a connection, it initiates another SMTP session to a destination MTA. Any errors or status information from the destination MTA will be passed back to the sending MTA through the proxy. Uses SMTP proxies are commonly used to process and filter inbound and outbound email traffic. Inbound SMTP proxying SMTP proxies often serve as the initial, network-facing layer in an email system, processing SMTP connections from clients before forwarding data to a second layer of mail servers. SMTP proxies often implement the first and/or only layer of defence in an inbound anti-spam filtering system, where they can analyze messages using a spam content filter or antivirus program, block or rate limit connections using DNS blacklists and reputation systems, an ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Greylisting (email)
Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate, the originating server will try again after a delay, and if sufficient time has elapsed, the email will be accepted. How it works A server employing greylisting temporarily rejects email from unknown or suspicious sources by sending 4xx reply codes ("please call back later"), as defined in the Simple Mail Transfer Protocol (SMTP). Fully capable SMTP implementations are expected to maintain queues for retrying message transmissions in such cases, and so while legitimate mail may be delayed, it should still get through. The temporary rejection can be issued at different stages of the SMTP dialogue, allowing an implementation to store more or less data about the incoming message. The trade-off is more work and bandwidth for more exact matching of retries with original messages. ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  




Forward Confirmed Reverse DNS
Forward-confirmed reverse DNS (FCrDNS), also known as full-circle reverse DNS, double-reverse DNS, or iprev, is a networking parameter configuration in which a given IP address has both forward (name-to-address) and reverse (address-to-name) Domain Name System (DNS) entries that match each other. This is the standard configuration expected by the Internet standards supporting many DNS-reliant protocols. David Barr published an opinion iRFC 1912(Informational) recommending it as best practice for DNS administrators, but there are no formal requirements for it codified within the DNS standard itself. A FCrDNS verification can create a weak form of authentication that there is a valid relationship between the owner of a domain name and the owner of the network that has been given an IP address. While weak, this authentication is strong enough that it can be used for whitelisting purposes because spammers and phishers cannot usually by-pass this verification when they use zombie compute ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Sender ID
Sender ID is an historic anti- spoofing proposal from the former MARID IETF working group that tried to join Sender Policy Framework (SPF) and Caller ID. Sender ID is defined primarily in Experimental RFC 4406, but there are additional parts in RFC 4405, RFC 4407 and RFC 4408. Principles of operation Sender ID is heavily based on SPF, with only a few additions. Sender ID tries to improve on SPF: SPF does not verify the header addresses (of which there can be more than one) that indicate the claimed sending party. One of these header addresses is typically displayed to the user and may be used to reply to emails. These header addresses can be different from the address that SPF tries to verify; that is, SPF verifies only the "MAIL FROM" address, also called the envelope sender. However, there are many similar email header fields that all contain sending party information; therefore Sender ID defines in RFC 4407 a Purported Responsible Address (PRA) as well as a set of heuristi ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


DKIM
DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in email (email spoofing), a technique often used in phishing and email spam. DKIM allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. It achieves this by affixing a digital signature, linked to a domain name, to each outgoing email message. The recipient system can verify this by looking up the sender's public key published in the DNS. A valid signature also guarantees that some parts of the email (possibly including attachments) have not been modified since the signature was affixed. Usually, DKIM signatures are not visible to end-users, and are affixed or verified by the infrastructure rather than the message's authors and recipients. DKIM is an Internet Standard. It is defined in RFC 6376, dated September 2011; with updates in RFC 8301 and RFC 8463. Overview The need for ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Sender Policy Framework
Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email. SPF alone, though, is limited to detecting a forged sender claim in the envelope of the email, which is used when the mail gets bounced. Only in combination with DMARC can it be used to detect the forging of the visible sender in emails (email spoofing), a technique often used in phishing and email spam. SPF allows the receiving mail server to check during mail delivery that a mail claiming to come from a specific domain is submitted by an IP address authorized by that domain's administrators. The list of authorized sending hosts and IP addresses for a domain is published in the DNS records for that domain. Sender Policy Framework is defined in RFC 7208 dated April 2014 as a "proposed standard". History The first public mention of the concept was in 2000 but went mostly unnoticed. No mention was made of the concept again until a first att ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


picture info

Mail Transfer Agent
The mail or post is a system for physically transporting postcards, letters, and parcels. A postal service can be private or public, though many governments place restrictions on private systems. Since the mid-19th century, national postal systems have generally been established as a government monopoly, with a fee on the article prepaid. Proof of payment is usually in the form of an adhesive postage stamp, but a postage meter is also used for bulk mailing. With the advent of email, the retronym "snail mail" was coined. Postal authorities often have functions aside from transporting letters. In some countries, a postal, telegraph and telephone (PTT) service oversees the postal system, in addition to telephone and telegraph systems. Some countries' postal systems allow for savings accounts and handle applications for passports. The Universal Postal Union (UPU), established in 1874, includes 192 member countries and sets the rules for international mail exchanges as a Specialize ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]