For questions regarding this Help System, write to support@register4less.com
Email: What is Bounce Spam?

Spoofed "From" or "Reply-To" in Spam

October 2, 2006

We have recently seen a significant increase in customer reports of what we call Bounce Spam. This is one of the dirty tricks spammers use, and in this case it is done to keep bounces from returning to the spammer.

A common misconception is that this indicates the mailbox or service has been hacked by the spammer and that mail is being sent directly from the mailbox.

How this works

  • Spammers will often use a guessed or made up email address as the From or Reply-To address on spam they send. To get past mail filters, they will base the address on a registered and active domain.
  • Once an address is chosen, they start sending out thousands and thousands of email messages.
  • Most of the messages that do not get delivered, either because they are being sent to an invalid address or being rejected due to a spam filter, will get bounced back to the From or Reply-To address, which, in this case, is a spoofed address.
  • The owner of the mailbox or person with a forwarding service on this domain gets a flood of bounce notifications. This of course makes reading your legitimate email difficult, and can overload your mailbox, causing you not to receive legitimate email.

What can I do to defend against this?

If you see the bounces, you can analyze the message headers and text to try to locate the spammer's source and report it.

Most people, however, will not have the time or the technical skills to do this.

You may need to look at the addresses the bounce notifications are being sent to, and disable an alias if it's being hit by this.
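The two checks above (reading the headers of the returned message, and seeing which alias the bounces land on) can be scripted. This is an added example, not part of the original help page; the bounce layout, hosts, addresses and IPs are constructed, and it assumes the bounce includes the original message as a `message/rfc822` part.

```python
import email
import re
from collections import Counter
from email import policy

# Constructed, trimmed bounce; the lower Received line stands in for a
# header the sender supplied, so its IP must not be trusted.
TEMPLATE = """\
From: MAILER-DAEMON@mx.recipient.example
To: {alias}@yourdomain.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@recipient.example failed: user unknown.
--b1
Content-Type: message/rfc822

Received: from pc.example (unknown [{ip}])
 by mx.recipient.example; Mon, 2 Oct 2006 10:00:00 -0400
Received: from mail.yourdomain.example ([198.51.100.7]) by pc.example
From: {alias}@yourdomain.example
To: nobody@recipient.example

spam body
--b1--
"""
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def analyze_bounce(raw):
    """Return (alias the bounce landed on, IP recorded by the bouncing server)."""
    msg = email.message_from_string(raw, policy=policy.default)
    alias = msg["To"].addresses[0].addr_spec
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)  # the returned spam message
            # Only the topmost Received line was written by the server that
            # bounced the mail; anything below it came with the message.
            top = original.get_all("Received", [""])[0]
            hit = IP_RE.search(str(top))
            return alias, hit.group(1) if hit else None
    return alias, None

def summarize(bounces):
    """Count bounces per local alias and per connecting IP."""
    results = [analyze_bounce(b) for b in bounces]
    return Counter(a for a, _ in results), Counter(ip for _, ip in results)

SAMPLES = [TEMPLATE.format(alias=a, ip=i) for a, i in [
    ("sales123", "203.0.113.45"), ("sales123", "203.0.113.45"), ("info", "203.0.113.9")]]
```

A connecting IP that does not belong to your own mail service shows the From address was spoofed rather than the mailbox compromised, and the alias count shows which address to disable.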

Register4Less.com will be discontinuing the catch-all forwarding as of October 16th 2006. This should help prevent most cases where bounce spam gets forwarded to customers' mailboxes. Spammers will not only guess at email addresses to send spam to, they will also use a guessed address in the spam they are sending. They will "spoof" the address as either the From or Reply-To address in the mass mailing. This is done to redirect bounces and complaints away from their ISP connection. The result of this kind of abuse is hundreds or thousands of bounced emails, plus multiple complaints of spam abuse, being directed at your mailbox. Again, not having catch-all enabled will greatly reduce the chances of being affected by this practice.

This document is: http://register4less.com/cgi-bin/fom.cgi?file=210