IronPort’s Nice New Bounce Control

Bounced spam is a big and growing problem. What happens is that the spammer sends out email purporting to have you as the sender. Many of the emails sent get bounced back -- to you. These bounces-as-a-result-of-forgery are a major cause of irritating backscatter.

Controlling bounced spam is difficult. It's hard for anti-spam products to tell what's spam that's being bounced, as opposed to bona fide email that ends up being bounced back because you mistyped the email address, for example.

IronPort has just released a very nice new feature that should significantly reduce the phony bounced spam that its customers receive, and help users receive the valid bounces that they want/need to see. It'll also significantly reduce help desk calls -- users get perplexed by bounce messages for email they didn't send.

Simply put, IronPort automatically stamps outgoing email with a watermark*. It then checks incoming bounced email. If it's got the watermark, the email is let through. It's based on an IETF draft, Bounce Address Tag Validation (BATV). IronPort's an early player to adopt this; expect others to do so.

... David Ferris

* The watermark is a digital signature of the sender's address, encoded in the RFC 2821 MAIL FROM address.

One Comment

  1. Posted August 7, 2006 at 7:52 AM | Permalink

    When an IronPort end user sends an email message via a non-IronPort server (say, their home DSL provider’s mail server), the MAIL FROM is of course not signed. If that message bounces, the bounce will go back to the IronPort system (not the ISP’s mail server) without the correct BATV signature and will be dropped on the floor.

    Is this a serious consideration for people who wish to use BATV as a bounce avoidance tool? IMHO, BATV is of limited use in deleting bounces. At best, you can safely use BATV to ensure that approved bounces are not filtered as spam.

  2. Posted August 7, 2006 at 9:29 AM | Permalink

    Ken, I don’t think it is, no.

    Increasingly it’s seen as a bad idea for employees to submit mail “from” their company via their ISP. In most cases, IT departments should be enforcing the use of secure submission via the company email infrastructure, using techniques such as SMTP AUTH (preferably with SMTPS), Exchange RPC-over-HTTPS, or VPNs.

Post a comment

You must be logged in to post a comment. To comment, first join our community.