|
|
|
Block E-Mail Bounces with BATV
By: Larry Seltzer
2006-07-27
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
Block E-Mail Bounces with BATV (
Page 1 of 2 ) Opinion: A new standard, implemented in IronPort hardware, can nip blowback in the bud.Imagine your incoming e-mail volume suddenly leaping 360 times above normal. Its not spam, not strictly speaking. Its a misdirected bounce attack.
Bounces used to be a good and useful thing. When you send an e-mail to an invalid address or make some other sort of error, you want to know that it didnt go well. But along the way, bounces got abused just like everything wholesome about e-mail to the point where you had to avoid them as a matter of course.
First, bounces became accomplices to spamming through directory harvest attacks. In this attack, a spammer picks a domain and sends out a large number of messages, guessing at the user name portion of the e-mail address and probably pulling a lot of them out of a directory of names (e.g., john@foo.com, martha@foo.com, etc.). If the spammer gets a bounce on a message, then its not an address in that domain. The messages that dont bounce are real addresses, and then you spam them. Because of this threat, many domains dont send back bounces for wrong addresses anymore.
Another threat these days is what is sometimes called spam blowback. As most of you know, when an e-mail is sent on the Internet from sender@foo.com to recipient@bar.com, there is no mechanism with which the folks at bar.com can confirm that the message was in fact sent by sender@foo.com, or from anyone at foo.com.
So imagine that the message is false and not sent by anyone at foo.com and that there is no user "recipient" at bar.com. If bar.com still sends bounce messages, it will send them to foo.com. Sender@foo.com (if there is such a user), receiving the bounce message, will say to himself, "Huh? I didnt send this."
 SMTP authentication standards work may have hit a wall, but the industry has taken the ball and run with it. Click here to read more.
Now imagine that a major phishing attack goes out with millions of e-mails sent from support@facelessnationalbank.com. Some percentage of these messages, amounting to a very large absolute number, will be wrong, and the bounces will "blow back" to the mail server at Faceless National.
This has the potential to massively clog the banks infrastructure. According to IronPort, one bounce attack against US Life Insurance increased its inbound mail volume from the typical 10,000 messages to 3,653,201. A jump like that will cause anyone problems. And often the bounce messages themselves will contain malware.
Next page: The answer to blowback.
|
|
�������x}r8s;�iW1ŋvI�%5m[�KU��%B��!)rbbq3��-R9\QD d"3H$��$sG7L{B.�cnQ?sOG�3齿O$w��}��L9UQ#C3W)92� E]0eNznDz���p��Dw�d�>J�`OS{S
�)5'Ӡ5> Q}_6g2z9o0�f��E63&��6I���E9�J�Dq�DRงGEQ>�߱L㈄-:��;|w*UN�83p{�f_ʞ0�IQI�M"x<&j�>vn=ݣ�2`~�|!�k�`T黖8$C��M-G ؓ�ۭ@5l�v�y!rs�#�g�ݻ�HݠLo$Gd`jI:D*"4��C2R!p�
�9%Rը>3-u@|ݖ|cXulAzf@��dȢ�q/#!꿩$f
0���̳X�#vRp�ce[�]6g5�]v9s8$sz7
�wZENX*�
?q7tJa��H��9��E��sؗCY֍aF�Y6o@�YGZ*մ��*rM)֎+{6{2SGQ}˯sj.z� �?
n0t�h;@R�y]
Z
sruO}~A�6nx�9vtx/ȯ�YJM~cDR�˅,D>��-
�,ֳP��u/kzQҏZ-o[jZAS# TFIna�>E�4fEU�2q}oe}}uI}rv|i"|c9̠V*�PFfЊ%+5��Q9m<_st.[ݛ�9^VsCV=BgCj�`Bm�iuuUZz�n`Kk'ޮC燙EXCy�Ca#U~Ff=ji�o]}:>$7�Yn[�gs�`HmDm[ܾ̑\R�yǛk�a(�7F`X@7�? iP2\M8��X@/@ש#atBjmҔ�
�9B�:%ϹyWϝ�7�>hr�
Ce)#8?S݃I��hJq�䰉c,XSl �RM4x O
XR�U��>hI"E[fT}O��%ތ��E z%Kus7p#K��ǰfe՜Ӆ�]Wa�oY#L
.�ϱ'v"e.ڽ^c�8^%g�5F8�,i�eݴ%!�8WG5MGRŦcfzT���b�(7Z`Lm�,��5,L�tϭ `6 �::�~g�>QÜCݶ�OCGs�>H2胎6ml�-ƙ�裩I��Xn`Nt�&hqp{4�ڭ�-%_� ><��zN�j$�>6(Z�χ�`�˦Mf@B9��{ǻ�ޚA�<�QС4}a���q�jQ?]�*~s��=w= H�
�X.�s�6G~>4-0����%6A\KQ�o�-�2(%�E2� E�EK�y3@� $h�5a��z����/m�bo$w$]I+TbD8�JnO�u$;�gJ�"ڹLX*QY,p[/ �͙JRdq4�[LboD��6�]�,�S�mo3-m�uk�{XT4V§#&csd�f�z{@ZWgi� K0w�?a!1s WQ�'��s�?{\
�7!v<9�%�t0�fX�fZ1k`Ja�Ǻ@����2iE3ӆ��MI|��B3<
I8M{lz:eR#O>0�8[r�dž�fX8oÕ�=5q
�TfҬ||=厬m_4�@>J|�z[.z:
%�r%�
5kb�$T`CfL
�JeH�ǝ:~L�ҧ��;BSjb�35-F �
?
|��'��+�ȁUrqXk0읶Wׅ])ϥ_8̧6�i+�Co���LsC�m0�Ǧ�"}Zl"GOw]�)W=B~*%1�IO5 &^PGe��d�^s`M[`R9cDzl lF� CQ>-D.L{�� ��ipj�^�DZ��i�If~~~0*L�y�.r�~� 2q͝a&�9~
�>AS-cfD�L3$!OT_'�E)'x>�5 �dh*O|INtH�F� "=��y��jm��s}�!T0�|"�
�VD0pl)5tl*FuIx�-!�/?�ˇI%$��tX2�=:{>Q�7Ϗ9(gdW%d��)>�'HR-��ʪZ��J��~~{ ��ߥ#q�'|}1/Nݟoh`�1{R��Jo�?�0t�.tȕ`s|eL�Fմ�lxTa)R��y=0f�݅rI6S07�GGѽWKV'=�iv����jGs�w�q�5�`EY_�͡ޭ�쮫�F���'F��� ����vo�S�(0f�4Ӣ-R�x�sֽe=UN᧘ZЁQ}/5u<|X\.�``!>�`LQ]S؇٨b_@�UR�TʚwZu^�,_]hD1(dyD4@/=q8bk
�lBk�}rq�@l#RaCݜ5�m�"uy@VI�JXhQ;_6MONVШ6>s7}&mno^{y��˙�yrN?dZKp|avKre�H˷��"gf��ItLe``l�ʀkxG�2gdQ�J�hU�m{\ c4�w��y�N1 Qv}b;_&I|SeUȣV�)k�i�+TX ?�3pa-XPjh�3HU5}�EO
�C/
PNZC^�$G|)�AU��%UHU(V
�$�y�U��rm�4r�Ok�,���ش�/6"h ޜ-�c�z�[
e|\+̖�K%�4e3/�-9@X�2(�,�~W9ـo9�|\V*Z�슣d9#�T�`| @-a'd1s<�œo
=$Є�_؆
+�~7?l)ɡX�XD�>DiF\{e"�>QP(�����ۿ�~Ъ�[(
L ��$q�)YUi�hja{I1�~G]ItM?;$�Sv/is��0q�3nnt/� �3�9kw><�{>kq 4
}U\8$#�_>^w?]EcM�qoSR=h3 J@���G$bw}�ɾ3zV^5[G隿ð
Oa��區���wsѼع�_>wQ#rlK^+ G�w"y!KrB�ë<'uxi)q�ڎ7�M
,#L�kC�K#fWDHۀ�h!�u}͙��b9�kI.Dz=d_5�g0�Gh4�lꏽ5/Q�֭
Bf/�3�bB!|JgG<؇AP#��{ z�H)'4��N%:�\bϻ;$��B�0F�D_TJi�)W4f'u�Sxjt)��5�E_�ſ��}i�
T
�t6~OW+0waAdakF+9mZϤ{~@H�y�
9/g�`�IBܨ2�7��?xKP -Mu?So�4�jG�Yk�NE�m�{-~=`��rr���PR)&bz�&I;ɨG%uyjtJ1SBt��02H P6,O&e=lI1 iKBih%bbVHRo�wռܞ6<1ޥ]ƙBǝƗH���Ζ�f��̗4.נ�y8��V�#["|�)-&GX!*VZRZzl*$'?v��81
VA�ΈvY��?{xX��L7mD1CZ]ry}M_gq�W�{��$� t{D��w{�.|ʜ(=}![3'zxyu?sFΛ��ۿu�ue's�w)�t>Niimǡ8�
��0�^l"4P$yUZVU�$]d%��F�tZx@2�&n_�%3�=яk�i^�x̠t;g{f�1vn�GP >Y>�]bw�P�;_z͞YiIu�/K\�-"Pn'ZZ�|>W%0.ց_�'p5dn�V،SLsQW�J'��2_vT^�''\/_z︤DOa�e1�þ�ӯ}ycH62,�xOY*FVJ}:3mX[�Gu$rHN9q�[)�95l"!:�8E4}tn�>�'P~0_y/t)Ʌ9s!щ�~@# )Je^,OAɛ.�k7j�dlH�
��$-1�qShiћO&Gɒ��pE<�`yjί9`��b��JIp�(&�N�?L��MYMY&a�M>sB8Vc"Pb�o0�Ky,c��<<\t!\}��lZ)"]e�i��A�x�-b�mHohc;qKUR�Iٚ[
/-�@`��+.W��@���a�R����`�-^9/Ȕ)O&]9&��cG�bs-3�&@a(c�C��%�(Τ�P��%1з�ϠMHgwwb$-�^|DL
hy P�ܻ3aR*TX�H"��p�Xb�oޞ�ISd+d�܉ije3G��!�C=\H#.gQ�"K�ُ��I�w!�b����ƶ5wd�U5Mř&N�|#R��(+>-z#RVJ1be�I� l �[/@>ϡI�/?+�wH7�Q0�\\Q[[[[RMѴ{�cNvĿ�K�.�cc+��-SOQ̜%�EY�����t/xQ�s\9���ԥٚoG���H�ۊ�e�Vö0+mA�o;r5"Z<}νE վ�u�IKӳ�dr|��+τtjz~LNc-�!a-lA-g�$gHɗ`EmŅb6Xd5Fu̩4\H9,�9(6�=k$��^\���iho9J�D�_ܒ]-v�I.`�4ncR�/g=��#qs"͋C�#}|=�}q6^�b�F�Dzt\M(�f#`h�2˖&It`8Ի8�&�ְ�x�R�R�F/7@��
�J\/Aڒ_.us}#u8t�)Oϥ.^@�)irQ]dC¡��� 8"=,:�G�\1_�M�;�+[{ܛ�Rŧ(\_Po�;�BM�EJ7o[V�:M^nh�G����VJm#-�5�/}qRo-CKsЙ�lw}iY�5u`YZ�6rv7[~�+\��mj�v���ע}mܗN�CX�|ԡǙ�A�'��1L�z�Jފ1\�
�=�7�V
�A�-�A���x32�Ԉ|cؾ�ۃ=e,|K�t7��Õ9�X�qq&�o�|�FoHmq2F0�c5^ON]yo`5ѪJ>cwUVd�.!q,�8nBk;eO;n�<�0[�#�1D��OYGa_ �W�-mkgd:#I#
r/�t_Cv3�?B� ��(O��A?�Ɩ�7l�I鬣Aa�JN�k��\�G�lpLA0w$`5+ly[ӫ_ȅL�8�?p�W?D�RĄ�_|�4#ķzn7Gg^V�Sn{ �Tt�f
{�fAS��.ԍ��m�#l�(M#7�ۀږձ�H(JSU_tׅ�dUoko#fyΜ;(}V)˚jhk+1}el6�_�?���FRˬ��F$I3�Ʊ�+}Yb8ET1̭-�UdnK�#�V�HU�
y�A�|`߱1 R�p�x@Q�+KWH�]X߷8�5B̫״�d=I^F�ZɋFP�ъ#;Ћ�Ä3d�3K:
!L�y�p���wT�a1tq*o��(rTk�ʁV=P�,�G�Y+
Z(C^PB^ݙ��KM=1I�rr1�ꚚrMl
@�(�~MZ�C �O��]�c)I�5ˋ����AE!�:�!6�
KfR�lǛ
a>ðeS,�Y4JK711\R�BRSK.}KRG*�+N+ߥt��W��BZcīp��Wes{��ɣ.�j"*R
�jD#0Z`�?bTy
�G<)fF<�@�&L8h;�b]=�Vڹq� yK-y�-�J4sS5 77�Z}n%r�t49n�����Htf�^v�Qb�7�d-�ZM)RӰp-<�H3$[G-t��s{Ta
[�*e9
JI-Gzu9䫚RѪEU8y(2rNjD^Яx
�,TO䲈֞uvü�cn?y��r
Y�4�7yP6�K&�c(�LtxZډ�BL�k�BIo��H$�L]�U#
`�x=J(��F�9'yo_*�{�χ\o|J7��[�>�B8!�i�?ߎ_/{JM)`jI$u2��C:��lZ
P�hĖIED#Thb��GF#Os�uǤۭpx�X�0!,���YC) Q?��&]ӆۈ��)��0�05g3bwt]�����D�ss�%%�zH�"V|8snj=J<
r�j~n|W �c)q��(b�WU��
�T�,G,(Ϗ�B5D��SJTmn$|�s�&7|ь�S�,0Au�A"�\2,�GGA~2?u:�R�O���%~�6t0^Q�1e&��}�n�%nN���K
щb$�P!%�h$bcx=9`1[@2dzwȗ>0�(��-Ō��CZQJФ*t�!dW`ǪZJoWv'xy2n?7#.4W
)WPx����s#cvFC�dQ̛t@|�LBz،\Sݾ�k4ο5iv>�N;WN�ϻ7x,
Zӷptԝsm}9^}9\;\hT湾��L',C
rzټh3;eNq(gE B*rK��xU�<
/�%L�qx&N�IwPJTَ/!j�bTթ4�W?Iz
uӲ�r�:/Пxu3�K_M8FS�A^�^Z�+�!PU8iz67a�nq���4ħyO\#4[E9yF/PKFPkF5_o.?i�63ʻP(GNo.o�
Z�(?\~
9͠Gnj�6urN+2ʡsQ�d^K/�\~�3l��"����{A�E�}.��/?/2�"?QF/3�3Ϡ,oP�((�K��..n~f+�2���2�3�(O_23*�>g�9~7P~U�{7MF77�$)c�f5pvJEsQ^53T�}~�)�P�5(ge�3�Vڍn�a�{Ar!{�e_/C@/q>�sum%�R+��]Q%sh8VҮ�۸/6�
h}1Ɨ^ZG%/ޤ^��Y"x�}s&pN!3J81�|�HM�ԳpNR�?Ѱs�3@�t=h{@$ߛ8�,@�,��H$·RiE�rT)玾ߓJ0l��UUEVr�o9�VVjb�`"�
*�s>P�`26UJ`
�z!�J1
=4c֭dKo1;BDO" щwSF]WeL+,e�'Eu//��{_۱��C����f@�2b/�`{8��z5�(�F?0}i6VI�2hؐCK؊9NحQ0�
�|wNT�3|X&38W
!�7'�hlգ{wh9ĉiSr�O�?gR�H3�7rɌB΄[6пCos%(ML/t6�����Q��;|sst˭�d<@T6�rށwr$~H-�}�I�\#u{̪��4yxa�w���.
]T�K��<}{"0~.��eŤe�@��N_c�ś�/`=ݤ1ꬸ�פ~�$r�:�O-'c@诿N`Xkt J7B����3Σ�8��̆I
�ůD|݅N,g7y=y
�Gg'4WBMx�Yu�m&C߱iB�
.�~;W,Xw3LX#e� �\1SSFӹ"=ǚ��X?(�xc�läo˺K�1,�{ԟ1P
E]3)^xzA߭Ud#ə�
B|��,+-
O*HQq1^R�s]qW4{R��}�x��/ē_|
3�Obx`#Yұ�ߞQ
TDO�2Ntx9=�|E>n[~Qڗ�E@1agG�;(�HYUҎ_[@B��PɑX�)u�n'|oW|F�,[�kl`N��B�`t��խ`*�s��ˠvS푀*ع�Ә1J1А8v2COA#t
k�e[� ��O2�#.[0S�u ѫ�v�l>cx 'Lw}�5&Tc� :۳|�?��O�e Lt8/o90�kn>7Q$�L{�ˍt�_f%�\!dW<�l[� +"���ۂ��K-Ӭ>sV¥"UXJM���X,8.� �tm�QK
.�9���Bu�z��Ϸ;���<�v7�sCk_2ҵe�>�vį-�Ǭ�vJK=73JpC)�tO�ĝ˰��ANt3B׀5V`��=H�]S(|9N�h݆G��0ޏq[�PV�l@��xS�a
�뱊v��E=b6
���v�QmQ#নN�?40(g|Nuu
|Ua=v����s�bcΜ�7 *�φŀ��{̾16��^f+1ݱ�Ut�g)C2^#s!?"L�n3m�^^kte�(n
aa��X�
|
Network Security & Hardware 
