More About the Backscatter Problem

In a previous bulletin, we discussed the impact of a spammer sending a large run of spam messages in my name. We estimate that in the space of 48 hours, the spammer's botnet spewed 10 million messages that appeared to come from one of my privately owned domains.

A small percentage of those messages bounced, resulting in 25,000 bounces in my email over a 48-hour period. At its peak, I received one misdirected bounce per second. Many of the bounces included images -- about half a gigabyte of unwanted, "backscatter" email.

Here are some further thoughts:

  1. Many messaging managers and ISP abuse desks seem to think that accepting a message and later bouncing it to the (easily forged) sender address -- rather than rejecting it during the SMTP session -- is perfectly acceptable behavior. It isn't. Making vague claims that such bounces are required "by the Internet standards" only displays ignorance and increases the likelihood that such backscatter sources get listed in blacklists and other reputation databases.
  2. Many messaging managers and ISP abuse desks seem to think auto-replying to spam is perfectly acceptable behavior, too. It isn't. Arguing that (for example) it's critical that medical patients know that their doctor is on vacation is practically an admission that the email system is badly run.
  3. Challenge/response spam filters are an extremely bad idea. Misdirected challenges are as bad as spam, and it's not my job to filter your spam. As we've previously said, challenge/response filtering doesn't scale and is far less accurate than state-of-the-art spam filters that filter based on reputation, content, and intent. Culprits include: EarthLink, Sendio, Cashette, PMDF, Spam Arrest, UOL, and many others.
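A small model of the distinction in point 1, added here as an illustration and not code from the bulletin: an MTA that accepts every recipient and bounces later manufactures one DSN per forged message, while one that refuses unknown recipients at RCPT TO produces none. The mailbox list, addresses and reply strings are all constructed for the example.

```python
"""Toy comparison of accept-then-bounce vs. reject-in-session MTA behaviour."""
from dataclasses import dataclass, field
from typing import Callable, Iterable, List

# Constructed: the only mailboxes this receiving MTA actually hosts.
VALID_MAILBOXES = {"alice@example.net", "bob@example.net"}


@dataclass
class Envelope:
    mail_from: str   # envelope sender; trivially forged by a botnet
    rcpt_to: str
    body: str


@dataclass
class Transcript:
    responses: List[str] = field(default_factory=list)   # SMTP replies to the client
    outbound: List[Envelope] = field(default_factory=list)  # mail this MTA originates (DSNs)


def accept_then_bounce(env: Envelope) -> Transcript:
    """Backscatter source: 250 to everything, then a DSN to whoever MAIL FROM names."""
    t = Transcript()
    t.responses += ["250 2.1.0 Ok", "250 2.1.5 Ok", "250 2.0.0 Ok: queued"]
    if env.rcpt_to not in VALID_MAILBOXES:
        # Delivery fails after the session ended; the only address left to notify
        # is the forged sender, so an innocent third party gets the bounce.
        t.outbound.append(Envelope(mail_from="",  # null reverse-path of a DSN
                                   rcpt_to=env.mail_from,
                                   body="Undelivered Mail Returned to Sender"))
    return t


def reject_in_session(env: Envelope) -> Transcript:
    """Refuse unknown recipients at RCPT TO: the connecting client owns the
    failure and no bounce message is ever generated by this host."""
    t = Transcript()
    t.responses.append("250 2.1.0 Ok")
    if env.rcpt_to not in VALID_MAILBOXES:
        t.responses.append("550 5.1.1 Recipient address rejected: User unknown")
        return t
    t.responses += ["250 2.1.5 Ok", "250 2.0.0 Ok: queued"]
    return t


def backscatter_count(handler: Callable[[Envelope], Transcript],
                      envelopes: Iterable[Envelope]) -> int:
    """Number of DSNs the MTA would send out for a batch of inbound envelopes."""
    return sum(len(handler(e).outbound) for e in envelopes)


if __name__ == "__main__":
    # Constructed spam run: forged sender, thousand random recipients at our domain.
    forged = [Envelope("innocent@example.org", f"user{i}@example.net", "spam")
              for i in range(1000)]
    print(backscatter_count(accept_then_bounce, forged))  # 1000 bounces hit example.org
    print(backscatter_count(reject_in_session, forged))   # 0
```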

... Richi Jennings
