Backscatter Simulates Spam
If you've been inundated lately with bounced email from addresses you've never sent a note to, you're experiencing the heartbreak of backscatter. Backscatter is an attempt by scammers to get you to read unsolicited email by sending it using your return address - forging it, which is simple - and then having you open the messages that mail servers innocently return.
I've received thousands of backscatter bounces in the last few weeks, even as my spam filters have worked relatively well. It's irritating, because I have to handle it much more manually than any other unfiltered message. Sometimes there are commonalities in the bounces that make it somewhat easier to filter - for instance, the last time Adam Engst suffered a backscatter attack, most of the bounces came from Russian addresses, so he temporarily filtered mail from .ru domains to the trash until the problem died down, which it usually does.
Your return email address can be forged without any effort by anyone - including systems that let you forward links to other people from news sites - because return addresses aren't registered in any fashion. DNS may control the use of domain names, but there's no similar method of looking up email addresses to validate them.
Four years ago, I wrote "Sender Policy Framework: SPF Protection for Email" (2004-03-2), an article about an independent effort to create a way to register authority for email return addresses via DNS. Microsoft, Yahoo, and AOL all got in the game in different ways, extending SPF, developing their own systems, deploying anti-forging rules, or adopting rules to prevent forged messages from arriving for their email users and customers.
But none of the efforts has emerged as a winner, and verifying return addresses is still only one of several pieces that would restrict spam of a con-game nature. It's a shame that even with several companies handling hundreds of millions of email accounts, the kind of cooperative work that would be required to improve several parts of the way in which Internet email works still seems beyond our reach.