What Is NDR Spam?

GFI Software

Category: Anti-Spam Solutions | 27/04/2010 - 15:29:38

With the development of anti-spam software, spammers are evolving their methods, leaving email users at risk. Non Delivery Receipt (NDR) emails are being intercepted from users' inboxes to gain their information, and this is known as NDR spam.

With every advancement in anti spam software, the spammers become more desperate and more inventive. They have even discovered how to take advantage of standard operations of most email servers.

NDR and Backscatter Spam

It’s called NDR (Non Delivery Receipt) spam or backscatter. Have you ever received a message in your inbox saying that something you sent was undeliverable or bounced? Spammers are now using this courtesy response to get their information in your inbox. They send emails to addresses that do not exist, and say that it is from you. Or they use your email address as the sender for their entire, enormous mailing list. Then when any messages bounce back they are sent to your email address. This is possible simply because email servers cannot authenticate that the person sending the message is in fact the owner of the address being used.

Office Spam

How would a spammer get these email addresses? It is not unusual for a company or person to post a contact email address on a company or personal website. Spammers can collect these, and use them as their own address for their enormous mailing lists, thereby eliminating the need for them to deal with the inevitable “Return To Sender” NDR e-mails.

This type of spam can be quite dangerous. Because technically the message is coming from the reader’s own mail server, the chances of them opening it, and anything that might be attached, is much higher then with your typical spam. And for the exact same reasons it is considered much more insidious as well because it’s much harder for a spam blocker to filter out. The most likely outcome of NDR spam is that a single domain will be spoofed as the sender of a spam message, and then be inundated by NDR messages from the long list that the message was sent to, overwhelming a company’s exchange server. At its simplest it can overwhelm an exchange server, and force a user to waste time sorting through their inbox.

Email Spam Prevention

Little can be done by an individual to eliminate this type of spam, but an internal IT manager can turn off the option to have NDR messages produced at the mail server. Spam filters can also be put in place to delete any messages that contain frequently used spam content, or subject-line only messages with no content. This can make it a little more difficult for users to send and receive their email, but if they are made aware of the restrictions necessary to maintain optimum operations, problems can often be avoided.

In general this type of spam causes a significant nuisance to users and system administrators, but as with other types of spam, the technology is being developed and implemented even now, to put another road block in the way of backscatter.

For further details on NDR spam and how to prevent exposure to this kind on spam download: http://www.gfi.com/whitepapers/ndrspam.pdf.