Are You Receiving Replies to Messages you Never Sent?

Image "Return to Sender"

Have you ever logged into your email to find tons of bounce-back messages (out-of-office replies, NDR messages, invalid recipient messages) in response to messages you never sent? For many users, their first thought is that they need to change their email password. However, changing your email password will not prevent this. Why? Because what you are receiving is known as backscatter, and has nothing to do with your email account being hacked.

Spammers often forge the return-path in their outbound messages to cover up their true identity. If the forged address in these spam messages was your address, then you are likely to receive the bounce-back messages and auto-responders in response to these messages.

So how do you prevent this? MDaemon includes Backscatter Protection. Backscatter Protection works by adding a special key to the return-path of all outbound mail. When MDaemon receives an out-of-office reply or non-delivery message, it looks for that special key. If the key is missing, then we know the bounce-back message is not legitimate and can be discarded.

When Backscatter Protection is disabled, the return-path of a message looks like this:
X-Return-Path: frank.thomas@example.com

When Backscatter Protection is enabled, an extra series of characters beginning with prvs= is added to the return path – like this:
X-Return-Path: prvs=163898ff65=frank.thomas@example.com

It is this extra series of characters that the Backscatter Protection feature looks for in bounce-back messages.

Check out the following video to learn more about Backscatter Protection and how to enable it in MDaemon. If you have questions, please feel free to leave us a comment & let us know!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  

MDaemon Spam Filter Deep-Dive Webinar

In addition to its built-in spam filter, MDaemon includes many other security features that can be used to fight spam. In this webinar, we take you through an in-depth explanation of MDaemon’s spam-fighting features, and discuss recommended settings for best results.

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  

Spam Fighting Techniques – An Article from AllSpammedUp

An article that discusses various spam filtering techniques was recently posted on AllSpammedUp, and I wanted to share it with you because it contains some valuable information on fighting spam.

There isn’t a single, “one size fits all” way to catch all spam. Spam filters use various techniques, such as backlists and whitelists, Bayesian analysis, trend analysis, heuristic analysis, word lists, and much more. These days, spammers are aware of many of the anti-spam techniques that are used, and they are constantly trying to find ways around these techniques by altering the spelling of keywords, forging headers and addresses, sprinkling words from literature throughout the message, and other techniques.

The article talks about using trend analysis, content filtering, word lists, blacklists, Sender Policy Framework (SPF), and Challenge-Response.

You can read the original article here:
http://www.allspammedup.com/anti-spam/

MDaemon includes many tools for fighting spam, including SPF & SenderID, heuristic analysis, Bayesian Learning, IP Shielding, spam filter blacklists, reverse lookups, and much more.

SPF & SenderID provide a way for a receiving server to determine if an incoming message came from a location that was authorized to send mail from the sender’s domain. You can learn more about SPF here:
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-01560

And here is a short video on how SPF works, and how to enable it in MDaemon:
http://www.altn.com/Tutorials/Video-Post/?vid=mp4:eLearn-MD_SPF.f4v

DomainKeys Identified Mail (DKIM) is an anti-spoofing technique that uses an encrypted public key, published in DNS, and each message is signed with a private key. The private & public keys are compared for a match. This video will demonstrate how DKIM works:
http://www.altn.com/Tutorials/Video-Post/?vid=mp4:eLearn-MD_DKIMIntroVrf.f4v

Tarpitting and greylisting are other spam fighting techniques. Tarpitting will slow the connection down once a specified number of RCPT commands have been given. This is to discourage spammers from sending bulk mail through your server. You can learn how to set up tarpitting in this video:
http://www.altn.com/Tutorials/Video-Post/?vid=mp4:eLearn-MD_TarpitConfig.f4v

Greylisting is a technique that exploits the fact that SMTP servers retry delivery of a message that receives a temporary “Try again later” error. Using this technique, when a message arrives from a non-white listed or otherwise previously unknown sender, its sender, recipient, and sending server’s IP address will be logged and then the message will be refused by Greylisting during the SMTP session with a temporary error code. Then, for a designated period of time (say, 15 minutes) any future delivery attempts will also be temporarily refused. Because spammers do not typically make further delivery attempts when a message is refused, greylisting can significantly help to reduce the amount of spam your users receive. But, even if the spammers should attempt to retry delivery at a later time, it is possible that by that time the spammers will have been identified and other spam-fighting options (such as DNS blacklists) will successfully block them. This video explains how greylisting works & how to set it up in MDaemon:
http://www.altn.com/Tutorials/Video-Post/?vid=mp4:eLearn-MD_Greylisting.f4v

Be sure to feed your Bayesian Learning filters with examples of spam and non-spam messages. Here’s more information on training the Bayesian Learning process:
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-01746

These are just a few of the many spam fighting tools in MDaemon. One single spam-fighting technique may not be good enough to thwart the spammers, but when all anti-spam tools are used together, your spam filter can be surprisingly effective.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •