2006/12/14

Bounce Spam

I have done some analysis on bounce spam.

Actually, the spammer sending out the spam has used the victim's email address as the sender, and the spam message is purposely sent to a non-existent user of a mail server. This is done by forging the "To:" and "From:" fields in the email message. Since there is no such user on the receiving mail server, the mail server does its job and bounces the spam message back to the email address given in the "From:" field of the spam message.

Bounce spam is a new technique that was not used in the past; it was found quite recently. The single purpose of using this indirect method is to circumvent anti-spam systems. Spammers know very well that the IP addresses of compromised hosts, open relays and zombies are often listed in blacklist systems or cannot get through reputation-based anti-spam engines.

Bounce spam is NOT effective, since many users will simply delete messages in their INBOX that say "Non-deliverable" or "User-Unknown". Only the users who care will open them to see what happened. However, it is still a valid and perhaps guaranteed means of dropping a spam message on the target recipient, compared with sending it directly from open relays, compromised hosts or zombies, which has a high chance of being blocked.
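On the receiving side, a bounce can be checked against what the site actually sent. The following is an added example, not part of the original analysis: it assumes the bounce follows the RFC 3464 `multipart/report` layout and returns the original message, and that the site keeps a log of outbound Message-IDs (`SENT_IDS`, `make_bounce` and all addresses are constructed for illustration).

```python
import email

# Constructed sample: Message-IDs our own outbound server logged as sent.
SENT_IDS = {"<20061214.0001@example.org>"}

def make_bounce(orig_msgid):
    """Build a constructed RFC 3464-style bounce that returns one message."""
    return "\n".join([
        "From: MAILER-DAEMON@mx.example.net",
        "To: victim@example.org",
        "Subject: Undelivered Mail Returned to Sender",
        'Content-Type: multipart/report; report-type=delivery-status;'
        ' boundary="b1"',
        "", "--b1",
        "Content-Type: text/plain",
        "",
        "User unknown: nobody@example.net",
        "", "--b1",
        "Content-Type: message/delivery-status",
        "",
        "Reporting-MTA: dns; mx.example.net",
        "",
        "Final-Recipient: rfc822; nobody@example.net",
        "Action: failed",
        "Status: 5.1.1",
        "", "--b1",
        "Content-Type: message/rfc822",
        "",
        "From: victim@example.org",   # forged in the backscatter case
        "To: nobody@example.net",
        f"Message-ID: {orig_msgid}",
        "",
        "body",
        "--b1--", "",
    ])

def classify_bounce(raw, sent_ids):
    """Return 'not-a-bounce', 'genuine', 'backscatter' or 'unverifiable'."""
    msg = email.message_from_string(raw)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return "not-a-bounce"
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_payload(0)           # the returned original
            msgid = (inner["Message-ID"] or "").strip()
            # The From: address is forged, so only our own send log is trusted.
            return "genuine" if msgid in sent_ids else "backscatter"
    return "unverifiable"  # bounce did not include the original message
```

A bounce whose returned Message-ID never appeared in the outbound log was not caused by mail this site sent, so it can be filed away from the INBOX instead of being shown as a delivery failure.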
