All the latest UK technology news, reviews and analysis
|
|
|
05 Aug 2008
The victims of hackers who have compromised or spoofed legitimate email accounts to send out spam are being flooded with failed delivery messages, according to security software firm Webroot.
The phenomenon known as 'backscatter' is rendering many peoples' email accounts useless as the account essentially falls victim to a type of denial-of-service attack as the account flounders under a deluge of bounce backs and out-of-office and full inbox auto-replies.
"Ninety per cent of over six trillion business emails this year will be spam," said Mike Irwin, chief operating officer at Webroot.
"This volume puts IT resources under an incredible strain to manage not only the spam but the ensuing backscatter. Just recently an ISP was driven offline while trying to absorb 10,000 backscatter messages per second."
Irwin reckons backscatter can be particularly devastating for smaller businesses that lack the luxury of a dedicated IT department to help effectively deal with this problem.
According to Webroot, the biggest problem with backscatter is that the responses are essentially legitimate and so very difficult to be tagged as spam by traditional filters.
To help counter this, the company has developed a technique called Bounce Address Tag Validation to mark every message sent through its servers with a timestamp and unique cryptographic signature that cannot be duplicated.
Then any email that enters the network as a failed delivery message without this signature can be marked as spam and blocked.
Latest stories from Servers
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Assistant Director - Infrastructure - London - required...
A well established homeware brand is looking for an experienced...
Join a team that is revolutionising the way media is...
Linux Server Support Analyst - Bristol/Bath £20,000 plus...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Nothing you can do.
Once you start receiving the backscatter, you can't do much at all. This is a case of 'prevention is better then cure' 1) when choosing an email address, make it one that's not easy to guess - no words from the dictionary, and avoid simple names. A lot of 'attacks' are 'dictionary attacks' - meaning they take a huge list of words, and try sending emails with every combination on the list.. they don't care if 90% fail 2) have 2 email addresses - your real one you communicate with people you know, and a 'throwaway' address you can use to fill in web site forms with - you never know what web site owners will do with your email address. If your throwaway address starts getting spam .. get a new one! 3) make sure your virus and malware scanning programs are up to date. If your email address is 'in the wild' chances it came from your, or your friends computer being affected by a virus.
Posted by: Suzi 30 Nov 2008
what can I do?
Today I've had 16 'failed' messages returned. (When I've been away from the house!!) What can I do, it's mostly foreign or goobledegook AND passed on to my contacts who think I've been drinking.
Posted by: v shaw 04 Nov 2008