How does NDR Spam work?

The SMTP protocol does not support authentication of the sender address. As a result, email
messages can claim to be coming from any valid email address. Spammers have long known
about this and tend to make use of fake addresses when sending their bulk mail. Since
successful spam relies on targeting the largest number of clients possible, spammers tend
to have large lists of email addresses. Some of the email addresses in their list might not
exist or have been disabled. In many of these cases, the mail server handling the nonexistent
email address may send an NDR to the faked sender address in the original email. If this address
belongs to a valid user then what happens is that this user ends up receiving the non-delivery
reports. Since the emails sent out by the spammer tend to be in large numbers, thousands of
NDRs may end up in the victim’s mailbox. The resulting emails are known as NDR spam or
backscatter and an example is illustrated in figure 1.

figure 1




, , , ,

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: