Backscatter Email Attack

by tnolen

January 20, 2011 10:05am – Our mail servers have been blacklisted by some domains because of an ongoing backscatter attack.  We are working to isolate the issue.

Backscatter is a type of spam attack in which spam is sent to email servers with a forged Envelope Sender address. If the receiving server bounces the message, the bounce usually has its Envelope Recipient set to the Envelope Sender of the original message, so the undeliverable message notification is sent to the email address of the innocent user whose address was forged. There can also be other unsuspecting email servers in the message path, and in a large spam campaign the target systems can be flooded with these backscatter spam messages.
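The following is an added example, not part of the original post or of the provider's own tooling: one way a receiving server can separate backscatter from a genuine bounce is to check whether the Message-ID quoted in the bounce is one it actually sent. It assumes the outbound mail server logs the Message-IDs it issues; the function names, addresses and sample bounce are constructed for illustration.

```python
import email
from email import policy

# Constructed sample: Message-IDs our outbound server logged as sent (assumption).
SENT_IDS = {"<a1@mail.example.org>"}

def make_dsn(orig_msgid):
    """Build a constructed multipart/report bounce quoting the original headers."""
    return (
        "From: MAILER-DAEMON@remote.example.net\n"
        "To: victim@example.org\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n'
        "\n"
        "--b\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; remote.example.net\n\n"
        "Final-Recipient: rfc822; nobody@remote.example.net\n"
        "Action: failed\nStatus: 5.1.1\n\n"
        "--b\nContent-Type: text/rfc822-headers\n\n"
        f"Message-ID: {orig_msgid}\nFrom: victim@example.org\n\n"
        "--b--\n"
    )

def original_message_id(dsn):
    """Return the Message-ID of the message the bounce quotes, or None."""
    for part in dsn.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            return part.get_payload(0)["Message-ID"]
        if ctype == "text/rfc822-headers":     # only the original headers attached
            return email.message_from_string(part.get_content())["Message-ID"]
    return None

def classify(envelope_sender, raw, sent_ids=SENT_IDS):
    """Classify one inbound message by envelope sender and quoted Message-ID."""
    if envelope_sender != "":                  # bounces use the null reverse-path <>
        return "not-a-bounce"
    msgid = original_message_id(email.message_from_string(raw, policy=policy.default))
    if msgid is None:
        return "unverifiable"                  # bounce quotes nothing we can check
    # A quoted Message-ID we never issued means the original was forged in our name.
    return "genuine-bounce" if msgid.strip() in sent_ids else "backscatter"
```
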

January 20 10:30am – It looks like the mail issue is not actually a backscatter attack, but instead is the result of a misconfigured email list.  The list has thousands of members and was set up in such a way that the members could all post.  Each post resulted in thousands of sent emails.  We are working with the customer who configured the list to resolve the issue.  We are also cleaning up emails coming from the list and are working to get our servers delisted from blacklists now that the source of the issue has been isolated.

January 20 10:45am – Most email is flowing normally now, although there are a few domains still delaying delivery of email from our server.  Notably aol.com and yahoo.com are still deferring our email.  These emails are NOT being rejected and WILL go through, but delivery may take longer than usual for those domains (and possibly some others).

January 20, 11:15am – Yahoo.com is passing our email now.  AOL is the last holdout that we have found.  We have submitted a request to them for a change in our status, so all we can do now is wait for AOL to get it together.