IronPort Wants To Give Bounce Spam The Boot

Bounce spam, one of spammers' latest tactics, involves crafting e-mails that are intentionally designed to be returned, or 'bounced,' in order to reach their intended targets. In a bounce spam attack, the spammer crafts an e-mail with a fake, non-working recipient address and then spoofs the return address to make it look like the message is coming from the intended target. The spammer then sends the e-mail to a third party e-mail server, which bounces the message back to the target via the spoofed e-mail address.

"Bounce attacks are one of the last open holes in the network when it comes to e-mail security. The problem is like the 'secondhand smoke' of spam in the way it wreaks havoc on networks," said Peter Schlampp, senior director of product management at San Bruno, Calif.-based IronPort.

Bounce spam is a virus delivery vehicle and enables spammers to evade spam filters by bouncing files through to the destination, Schlampp said. "It's also definitely a threat for denial-of-service attacks, because lots of mail servers can't handle the volume of incoming e-mail," he said.

Bounce spam also can lead to the e-mail servers of legitimate companies being blacklisted and labeled as spam conduits, he said.

id
unit-1659132512259
type
Sponsored post

IronPort's bounce verification technology puts a signature on each e-mail going out that is checked against all incoming mail, enabling companies to keep bounce spam e-mails from getting through the e-mail gateway, Schlampp said.

Tom MacArthur, principal of Storbase, a Waltham, Mass., solution provider, said many of his SMB customers have been particularly hard hit with performance problems associated with bounce attacks.

"Bounce verification is a cutting-edge technology that addresses a serious threat, and it isn't just another 'me too' technology like a lot of the traditional virus and spam protection tools in the market," MacArthur said.

Bounce verification capabilities are available on IronPort's C-Series and X-Series e-mail security appliances.