Application security

Misdirected bounce attacks on the rise

IronPort said this week that the number of email bounce attacks and misdirected bounces are on the rise this year.

The San Bruno, Calif., company said that the total volume of misdirected bounces has grown by 35 percent since the first quarter of this year. These bounces make up 15.2 percent of hostile email, accounting for seven billion of these messages sent per day. Many of them are sent to invalid return addresses, IronPort said, which clogs the mail systems of the domain owner without ever reaching an end user.

The company reported that spammers are using a new technique to take advantage of bounce messages. The spammer will forge the end-recipient's email address as the return address so that legitimate organization will end up bouncing the mail, thereby forwarding it own to its final destination. This can cause serious problems for honest organizations once an attacked mail server puts their domains on its blacklist.

IronPort reported that this new method is flummoxing many legacy anti-spam solutions on the market.

"Traditional email security solutions available in the market today are simply not effective at stopping bounce attacks," said Tom Gillis, senior vice president of worldwide marketing for the company.

Gillis said the company hopes to meet market demand to protect against these attacks with its new Bounce Verification technology, also announced this week.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.