Are You Receiving Replies to Messages you Never Sent?

Image "Return to Sender"

Have you ever logged into your email to find tons of bounce-back messages (out-of-office replies, NDR messages, invalid recipient messages) in response to messages you never sent? For many users, their first thought is that they need to change their email password. However, changing your email password will not prevent this. Why? Because what you are receiving is known as backscatter, and has nothing to do with your email account being hacked.

Spammers often forge the return-path in their outbound messages to cover up their true identity. If the forged address in these spam messages was your address, then you are likely to receive the bounce-back messages and auto-responders in response to these messages.

So how do you prevent this? MDaemon includes Backscatter Protection. Backscatter Protection works by adding a special key to the return-path of all outbound mail. When MDaemon receives an out-of-office reply or non-delivery message, it looks for that special key. If the key is missing, then we know the bounce-back message is not legitimate and can be discarded.

When Backscatter Protection is disabled, the return-path of a message looks like this:
X-Return-Path: frank.thomas@example.com

When Backscatter Protection is enabled, an extra series of characters beginning with prvs= is added to the return path – like this:
X-Return-Path: prvs=163898ff65=frank.thomas@example.com

It is this extra series of characters that the Backscatter Protection feature looks for in bounce-back messages.

Check out the following video to learn more about Backscatter Protection and how to enable it in MDaemon. If you have questions, please feel free to leave us a comment & let us know!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Ransomware and Banking Trojans are Big Business

Spam is big business. With the proliferation of botnets for hire, it takes very little effort for a spammer to send out thousands of messages at a time. These messages may contain links to websites peddling counterfeit products, or they may be laced with viruses, trojans, and various other forms of malware. The barriers to entry and costs incurred by spammers are very low

There seems to be no end to the global threat of malware spreading via spam and phishing emails and propagated by botnets around the world. Over the past few months, two threats have emerged. One is a banking trojan targeting users in Brazil, and the other is the now-infamous Cryptowall ransomware.

The banking trojans are spread via phishing emails containing CPL files, which are a type of library file that executes code once it is clicked on. Social engineering tactics are used to try to convince the message recipients that the attachment contains valuable information, such as an invoice or banking information.

Click here to learn more about these banking trojans.

The other big player in the malware arena is ransomware. A recent study has shown the proliferation of phishing emails with SVG files attached. These files, when downloaded and executed, open websites with what appears to be the CryptoWall ransomware.

Click here to learn more about CryptoWall ransomware.

The common theme for both of these threats is that the user was not exercising the proper amount of caution before opening email attachments. Both of these threats where spread via phishing emails, which use social engineering tactics to trick end users into opening these messages and clicking on links or downloading attachments.

Spammers know that end users are often the weakest link in fighting spam, so it’s in the best interest of companies of all sizes to educate their users on email safety. While most mail servers and spam gateways, such as MDaemon and SecurityGateway, have numerous tools for blocking spam & malware, no anti-spam solution is 100% fool-proof. Spammers are always seeking out new methods to trick users into opening their messages, so users must learn how to stay safe and recognize potential threats.

For a review of best practices for end users, review my post “Email Safety Tips for End Users.”

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Blocking Messages based on Keywords in SecurityGateway

If you work in real estate, you are not likely to receive email with pharmaceutical-related content, and if you work in the medical field, you’re not likely to receive email about stock tips or account-related notifications from PayPal. With SecurityGateway, you can create content filter rules to filter out messages that contain words that are not relevant to your business. You can filter based on the sender, recipient, IP address, message subject, message body, or any header found within the message. I’ll show you how in the following brief tutorial video.

SecurityGateway is a software-based email gateway/firewall that can be installed in front of any Exchange or other SMTP mail server, allowing you to block malicious content, such as spam, viruses, malware, and phishing attempts, before it reaches your mail server. You can learn more about SecurityGateway here.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

MDaemon Spam Filter Deep-Dive Webinar

In addition to its built-in spam filter, MDaemon includes many other security features that can be used to fight spam. In this webinar, we take you through an in-depth explanation of MDaemon’s spam-fighting features, and discuss recommended settings for best results.

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Spam Fighting Techniques – An Article from AllSpammedUp

An article that discusses various spam filtering techniques was recently posted on AllSpammedUp, and I wanted to share it with you because it contains some valuable information on fighting spam.

There isn’t a single, “one size fits all” way to catch all spam. Spam filters use various techniques, such as backlists and whitelists, Bayesian analysis, trend analysis, heuristic analysis, word lists, and much more. These days, spammers are aware of many of the anti-spam techniques that are used, and they are constantly trying to find ways around these techniques by altering the spelling of keywords, forging headers and addresses, sprinkling words from literature throughout the message, and other techniques.

The article talks about using trend analysis, content filtering, word lists, blacklists, Sender Policy Framework (SPF), and Challenge-Response.

You can read the original article here:
http://www.allspammedup.com/anti-spam/

MDaemon includes many tools for fighting spam, including SPF & SenderID, heuristic analysis, Bayesian Learning, IP Shielding, spam filter blacklists, reverse lookups, and much more.

SPF & SenderID provide a way for a receiving server to determine if an incoming message came from a location that was authorized to send mail from the sender’s domain. You can learn more about SPF here:
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-01560

And here is a short video on how SPF works, and how to enable it in MDaemon:
http://www.altn.com/Tutorials/Video-Post/?vid=mp4:eLearn-MD_SPF.f4v

DomainKeys Identified Mail (DKIM) is an anti-spoofing technique that uses an encrypted public key, published in DNS, and each message is signed with a private key. The private & public keys are compared for a match. This video will demonstrate how DKIM works:
http://www.altn.com/Tutorials/Video-Post/?vid=mp4:eLearn-MD_DKIMIntroVrf.f4v

Tarpitting and greylisting are other spam fighting techniques. Tarpitting will slow the connection down once a specified number of RCPT commands have been given. This is to discourage spammers from sending bulk mail through your server. You can learn how to set up tarpitting in this video:
http://www.altn.com/Tutorials/Video-Post/?vid=mp4:eLearn-MD_TarpitConfig.f4v

Greylisting is a technique that exploits the fact that SMTP servers retry delivery of a message that receives a temporary “Try again later” error. Using this technique, when a message arrives from a non-white listed or otherwise previously unknown sender, its sender, recipient, and sending server’s IP address will be logged and then the message will be refused by Greylisting during the SMTP session with a temporary error code. Then, for a designated period of time (say, 15 minutes) any future delivery attempts will also be temporarily refused. Because spammers do not typically make further delivery attempts when a message is refused, greylisting can significantly help to reduce the amount of spam your users receive. But, even if the spammers should attempt to retry delivery at a later time, it is possible that by that time the spammers will have been identified and other spam-fighting options (such as DNS blacklists) will successfully block them. This video explains how greylisting works & how to set it up in MDaemon:
http://www.altn.com/Tutorials/Video-Post/?vid=mp4:eLearn-MD_Greylisting.f4v

Be sure to feed your Bayesian Learning filters with examples of spam and non-spam messages. Here’s more information on training the Bayesian Learning process:
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-01746

These are just a few of the many spam fighting tools in MDaemon. One single spam-fighting technique may not be good enough to thwart the spammers, but when all anti-spam tools are used together, your spam filter can be surprisingly effective.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •