[nsp-sec] Bounce message backscatter attack against abuse mailbox
Larry J. Blunk
ljb at merit.edu
Thu Apr 24 11:01:36 EDT 2008
Steven Spence wrote:
> Larry J. Blunk wrote:
>> ----------- nsp-security Confidential --------
>>
>>
>> We had this happen a couple nights ago with one
>> of our addresses (not abuse). Not clear if this was
>> just to send spam from a legitimate looking address
>> or some sort of attack. I ended up setting up an SPF
>> record for the domain (but this was after the bounces
>> had ended). Anyone know if SPF records will help
>> prevent this?
>>
>> -Larry Blunk
>> Merit
>>
>
> Possibly if the people giving you backscatter check SPF records
> and use the results to do something constructive. Of course
> if they had the sense to enable SPF then they should also have the
> sense to check for valid recipients during the SMTP conversation...
>
> Steven
Some of the email was to Google hosted domains and
at least their servers indicated they were doing an SPF check.
I just recalled that the bounce backscatter issue was raised on
Slashdot a couple weeks ago --
http://tech.slashdot.org/tech/08/04/08/2258246.shtml
Doesn't seem like an issue specific to Google though and
only a few of the emails seem to be going to Google hosted
domains.
-Larry
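
Added example (not part of the original thread, and not code from either poster): a sketch of the receiving-side order of checks Steven describes, recipient validation during the SMTP conversation first, then an SPF check before any bounce is generated. The SPF evaluator covers only the ip4/ip6/all mechanisms; the record, addresses, action strings and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, hypothetical names).
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 -all"
VALID_RCPTS = {"alice@example.net"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, client_ip):
    """Evaluate the ip4/ip6/all subset of an SPF record for a client IP.
    Assumption: mechanisms that need DNS (a, mx, include) are skipped."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6") and value:
            net = ipaddress.ip_network(value, strict=False)
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"

def handle_message(record, client_ip, rcpt, valid_rcpts, delivery_ok=True):
    """Return the action a receiving MTA takes for one message."""
    # 1. Unknown recipient: refuse during the SMTP conversation. The
    #    connecting client gets the 550 and no bounce message is created.
    if rcpt.lower() not in valid_rcpts:
        return "reject-550-at-smtp"
    if delivery_ok:
        return "deliver"
    # 2. Accepted but undeliverable later: bounce to the envelope sender
    #    only when SPF does not mark that sender address as forged.
    if spf_result(record, client_ip) == "fail":
        return "drop-no-bounce"
    return "send-bounce"

if __name__ == "__main__":
    for ip, rcpt, ok in [("203.0.113.7", "nobody@example.net", True),
                         ("203.0.113.7", "alice@example.net", False),
                         ("192.0.2.10", "alice@example.net", False)]:
        print(ip, rcpt, handle_message(SAMPLE_SPF, ip, rcpt, VALID_RCPTS, ok))
```

Only the third case produces a bounce, and it goes to a sender whose IP the domain's SPF record authorizes, so the forged address in the first two cases receives no backscatter.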