A Solution to “Backscatter Spam”: Forefront 2010 for Microsoft Exchange Server
Spammers like to put fake information in their e-mail messages in order to sneak the message past e-mail spam filters. Because e-mail filters reject messages that come from nonexistent domains, the spammers like to make their messages look like they come from real e-mail addresses.
A spammer finds your address somewhere on the Internet, or sometimes just guesses it, and then puts it in the “from” line of his/her messages, sending them out to hundreds of thousands of recipients. When the spam gets sent to an address that is no longer active, the recipient’s email server can sometimes send you a response message (because the email server sees your email address as the one to reply to). This creates what is called “backscatter spam”.
Backscatter is the bane of every mail administrator. The technical complexities boil down to a simple user problem: the user receives an email saying “I was unable to deliver your message to Recipient Y” even though they know they never intended to send a message to that recipient, and probably don’t even know who that recipient is.
At this point, the user likely calls up their email admin and says “I’ve been compromised!” or “My email is broken! It’s sending out emails automatically without my knowledge!” Neither case is correct, but because of the technical challenge, it’s difficult to quickly sum up what has taken place. Here goes:
Email isn’t a secure delivery mechanism, by design. Any person can say that a message originates “from” a particular address. In the past, this was a tiny problem, but as spammers became more skilled, they realized they could forge a from address, send a message to an unsuspecting customer, and have the resulting non-deliverable/bounceback message (or “backscatter”) be delivered to a valid user address.
The problem from an administrative perspective is that bounceback messages are valid email messages. The problem originates with the spammer, not the mail host. Turning off non-deliverable messages is a valid solution, but does nothing to impact *incoming* backscatter, and thus, isn’t widely used, despite being an effective solution to the overall problem.
Obviously, not a quick answer to a frustrated user looking for relief.
Here at New Signature, we’ve turned off non-deliverable messages originating from incorrect hosts for some time now. This has served to reduce the problem on the internet at large, but until recently, we haven’t had a perfect tool to reduce the amount of incoming backscatter. Now we do.
The latest version of Forefront, Forefront 2010 for Exchange, includes native backscatter prevention. The details are even more technical, but the method involves applying a special stamp to each outgoing email. When non-deliverable messages enter the organization, they are checked for the presence of the stamp. If it exists, the email is delivered; if not, the message is silently discarded. From a user perspective, the result is significant: a complete lack of backscatter. From an administrative perspective, the result is also significant, because Forefront 2010 doesn’t introduce another single point of failure in the organization.
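The stamp-and-check idea described above can be sketched in a few lines. This is an added example, not Forefront's implementation or code from New Signature: it assumes the stamp is a keyed hash carried in the envelope sender address (the address a bounce is returned to), and the `stamp=` address format, the secret, the day counter and the seven-day lifetime are all constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: secret known only to the organization
MAX_AGE_DAYS = 7                  # assumption: how long a stamp remains valid


def _mac(day: int, address: str) -> str:
    """Keyed hash binding the stamp to one sender address and one day."""
    msg = f"{day}:{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:12]


def stamp_sender(address: str, today: int) -> str:
    """Rewrite the envelope sender of an outgoing message to carry a stamp."""
    local, domain = address.rsplit("@", 1)
    return f"stamp={today}-{_mac(today, address)}={local}@{domain}"


def check_bounce(mail_from: str, rcpt_to: str, today: int):
    """Return (verdict, address) for an incoming message.

    Only bounces (empty envelope sender) are filtered; ordinary mail passes.
    """
    if mail_from != "":
        return ("deliver", rcpt_to)
    local, _, domain = rcpt_to.rpartition("@")
    parts = local.split("=", 2)
    if len(parts) != 3 or parts[0] != "stamp":
        return ("discard", None)          # bounce for mail we never stamped
    try:
        day_text, mac = parts[1].split("-", 1)
        day = int(day_text)
    except ValueError:
        return ("discard", None)          # malformed stamp
    original = f"{parts[2]}@{domain}"
    expected = _mac(day, original)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return ("discard", None)          # stamp not produced with our secret
    if not 0 <= today - day <= MAX_AGE_DAYS:
        return ("discard", None)          # stamp expired; limits replay of old stamps
    return ("deliver", original)
```

A bounce caused by a spammer forging the plain address never carries a valid stamp, so it is dropped, while a bounce for mail the organization really sent still reaches the user.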
To find out how New Signature can implement backscatter protection for your organization, just give us a ring.