Home > A spammer's weapon: The envelope sender address
Book Chapter:
EMAIL THIS

A spammer's weapon: The envelope sender address

19 Apr 2005 | Addison-Wesley

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

sendmail Milters:                   A Guide for Fighting Spam

By Bryan Costales and Marcia Flynt                                    352 pages; $35.99           Addison-Wesley

All Internet e-mail is sent using a protocol called SMTP (Simple Mail Transfer Protocol). In SMTP, mail is sent in units called envelopes. First the address of the envelope sender is sent, followed by one or more envelope recipient addresses. Finally the actual message is sent, headers and body together. Note that the final recipient sees only the headers and body. Envelope information is generally visible only to sendmail and its Milters.

When a user replies to an e-mail message, the reply is generally sent to the header sender — the address listed in the From: header. But when a message is bounced, the bounce reply is generally sent to the envelope sender address.

Spam sites have learned about this property of e-mail and can use it to their advantage. Spammers know that a large percentage of the email they send will bounce, but they do not care about bounces. Even if an address in a list continues to bounce, spammers will not remove it, because the cost of cleaning their lists is too high.

More Information

Read the full chapter

More book chapters and reviews

E-mail Security School

Some spam detection software looks at the envelope sender on the theory that the envelope sender will point to the spam-sending site, because that is where bounced e-mail goes. But to avoid this type of detection (and also the potentially high volume of bounce return messages), spam-sending sites often use a false envelope sender. In other words, they lie about their identity. And not only do they lie, they also forge. That is, because many MTAs (sendmail included) reject the envelope sender if the host part of the address does not exist, spammers often use real envelope sender addresses (but not their own).

The result is that some poor user somewhere in the world will receive all of a spam site's bounces. This is certainly evil, but it is not illegal. There is nothing in the SMTP standard that can cause a sending site to tell the truth in the envelope sender specification. Because spamming sites never clean their address lists and because spamming sites often lie about the envelope sender, you should probably never bounce (reject) spam e-mail. If you do, you may be unwittingly adding to the problem by bouncing to an innocent user. In general, it is better to accept and discard spam e-mail or to accept and archive it.

An alternative (if you have some way to keep count) is to bounce spam the first time it is received from a site. In that way, if good e-mail is bounced, the sender (a real person) can contact someone at your site to have the problem corrected.


This chapter is excerpted from the new book, "sendmail Milters: A Guide for Fighting Spam," authored by Bryan Costales and Marcia Flynt, Copyright © 2005 Bryan Costales and Marcia Flynt. To learn more about the book, please visit: http://www.awprofessional.com/title/0321213335.



BROWSE BY TAG
Application and Platform Security,   Email Protection,   Email and Messaging Threats (spam, phishing, instant messaging),   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Email and Messaging Threats (spam, phishing, instant messaging)
How to prevent brute force webmail attacks
Unified communications: Securing a converged infrastructure
Chained Exploits: How to prevent phishing attacks from corporate spies
3FN.net ISP shutdown interrupts spam campaigns
Swine flu outbreak results in spam pandemic
What does 'invoked by uid 78' mean?
Economy fuels malware, spam
Internet Explorer 8 includes a bevy of security features
Adobe JBIG2 exploits being spammed, IBM warns
Fierce competition prompted new Cisco email security options
Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
CAPTCHA  (SearchSecurity.com)
challenge-response system  (SearchSecurity.com)
crimeware  (SearchSecurity.com)
pharming  (SearchSecurity.com)
phishing  (SearchSecurity.com)
Register of Known Spam Operations  (SearchSecurity.com)
Rock Phish  (SearchSecurity.com)
Sender Policy Framework  (SearchSecurity.com)
spam cocktail  (SearchSecurity.com)
spear phishing  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary




Search Additional Security Research and Solutions
Find Security Channel Research for Resellers and Partners
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts