ArabianBusiness.com - Middle East Business News Saturday, 30 August 2008 | 19:05 UAE time

YOUR DIRECTORY /

Print this page Print this page | Email this to a friend Email this to a friend | Discuss this article (1 Comments) |

Where do Bounce Messages come from?

by Kelly Conley on Wednesday, 23 July 2008

John Doe, sitting at his office, was scrolling through his inbox when he noticed this email:

Subject: Mail delivery failed: returning message to sender

John thought to himself "Message delivery failed? Did my message to Jane get blocked?" Then, he proceeded to open the message and found that it was an online pharmacy spam message he allegedly ‘sent'. John is initially puzzled because he never sent that message himself. Soon, he realizes that the message is NDR spam.

Story continues below
advertisement

Symantec has observed a wave of Non-Delivery Receipt (NDR) attacks over last month. While this technique is certainly not new, a spike in volume was significant enough for us to take a deeper look. A lot of people are confused about these messages. Where do they come from? What is the purpose?

This spam type is a crafty technique used by some spammers. Rather than inserting the spam victims' email addresses in the ‘To' line of the message, NDR spammers insert the addresses into the ‘From' line. Next, the spammer sends that message to a server with a random inbox as the destination. This message travels to the destination, only to get bounced back to the original ‘sender' because the mailbox does not exist. Because the ‘From' line has been spoofed, the spam victim receives the bounced spam message.

Some mail servers are configured to include the entire original message in the bounce. This is the desired result of the NDR spammer as the spam victim will look at the original spam when combing through the bounce message.

The spammer is gambling on the recipient having a higher likelihood of opening this type of message since the subject line is vague enough to not indicate obvious spam. Most people use their emails daily and when they see a bounce message the natural instinct is to open it up and check to see which of the sent messages was not received. Of course if you haven't sent an email recently and you receive a bounce spam in your inbox the chances that it is NDR spam are highly likely as it appears to be the spam type of choice recently for spammers. Do not open bounce messages unless you have recently sent mail.

Kelly Conley is Manager of Anti-Spam Research, Symantec Security Response

Print Print | Email Email | Discuss this article |


TOP IN MIDDLE EAST TECHNOLOGY

  1. Saudi to ease food crisis with investment
  2. Banned websites unblocked by Etisalat
  3. Kuwait's Agility bags Australia deal
  4. Channel cautious over LCD price recovery talk
  5. Iraq to sign first long-term oil deals since Saddam

TOP MIDDLE EAST BUSINESS STORIES

  1. Benazir Bhutto widower fears for life
  2. Iran warns any attack will start 'world war'
  3. Massive evacuation as millions hit by India floods
  4. UAE blamed for Australian 'man drought'
  5. Sheikh Mohammed releases 777 prisoners

ALSO IN MIDDLE EAST TECHNOLOGY

  1. Open potential
  2. Eye on Jordan
  3. Growth factor
  4. Meeting capacity needs
  5. Friend or foe?

LATEST MIDDLE EAST BUSINESS COMMENT

  1. Construction & Industry: Keeping company costs cut
  2. Construction & Industry: Don't waste your breath
  3. Culture & Society: Assume nothing
  4. Culture & Society: The Ramadan experience
  5. Banking & Finance: Gekko greed no longer good

USER COMMENTS (1 COMMENTS)

How does it help the spammers.
Posted by Smita, Dxb, UAE on 12 August 2008 at 08:24 UAE time


Just wanted to know if opening a message can compromise the security of the computer. I was under the impression that only opening infected attachments can do that.

CLICK HERE TO POST A COMMENT

Add your Comment
All posts are sent to the administrator for review and are published only after approval. ArabianBusiness.com reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic.
Name *
Remember me on this computer
Email *
(Your email address will not be published)
City
Country
Subject *
Comment *
Notify me of further comments
Security Code * Code


Please click post only once - your comment will not be published immediately.

RELATED STORIES

Symantec
| 3 stories
  1. Tall latte, hold the malware
    16 Aug '08 | Comment
  2. Middle East falls prey to Coreflood malware
    7 Aug '08 | News
  3. Symantec reinforces NAC solutions
    30 Jul '08 | News

RELATED LINKS

  1. Symantec»
Related links open in a new window and are not endorsed by ArabianBusiness.com.

 EMAIL ALERTS

  1. Symantec

  2. Technology


« previous article in this section
Managing food safety
next article in this section »
Keeping company costs cut

MOST POPULAR TECHNOLOGY STORIES

BUSINESS FEATURES

Mergers ahead for Middle East telcos

For many regional telecom operators, making acquisitions or merging could be the key to their survival.

The cheapest laptop in the world

Taiwanese vendor Carapelli's Impulse NPX-9000 stakes a claim to the low-end of the netbook market.

The deal closer

CRM products are notoriously difficult to differentiate in terms of functionality, so ACN's here to help.

ArabianBusiness.com/Jobs - Middle East Jobs Search
  1. Assistant Executive System Engineer
    Industry: IT & Telecoms
    Location: Dubai, UAE
  2. Creative Director
    Industry: IT & Telecoms
    Location: Dubai, UAE
Browse all jobs »

BUSINESS INTERVIEWS

Sanyo's green ambition

Sanyo Middle East's chief regional officer, Takashi Hirao, on the company's plans to go green.

Roman’s empire

Dubai-based firm Aroma Software is bringing e-prescribing software support to the medical market.

Crossing borders

PalTel has implemented Nortel soft switches as the first step of a major organisation transformation.

MORE FROM ARABIANBUSINESS.COM

JOBS

Jobs

SPECIAL REPORTS

Special Reports

SURVEYS & REPORTS

Research

PROPERTY

property