|
Backscatter (email)
Backscatter (also known as outscatter, misdirected bounces, blowback or collateral spam) is incorrectly automated bounce messages sent by mail servers, typically as a side effect of incoming spam. Recipients of such messages see them as a form of unsolicited bulk email or spam, because they were not solicited by the recipients. They are substantially similar to each other, and are delivered in bulk quantities. Systems that generate email backscatter may be listed on various email blacklists and may be in violation of internet service providers' terms of service. Backscatter occurs because worms and spam messages often forge their sender addresses. Instead of simply rejecting a spam message, a misconfigured mail server sends a bounce message to such a forged address. This normally happens when a mail server is configured to relay a message to an after-queue processing step, for example, an antivirus scan or spam check, which then fails, and at the time the antivirus scan or sp ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Bounce Message
A bounce message or just "bounce" is an automated message from an email system, informing the sender of a previous message that the message has not been delivered (or some other delivery problem occurred). The original message is said to have "bounced". This feedback may be immediate (some of the causes described here) or, if the sending system can retry, may arrive days later after these retries end. More formal terms for bounce message include "Non-Delivery Report" or "Non-Delivery Receipt" (NDR), ailed"Delivery Status Notification" (DSN) message, or a "Non-Delivery Notification" (NDN). Classification Although the SMTP is a mature technology, counting more than thirty years, its architecture is increasingly strained by both normal and unsolicited load. The email systems have been enhanced with reputation systems tied to the actual sender of the email, with the idea of recipient's email servers rejecting the email when a forged sender is used in the protocol. Therefore, t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Internet Engineering Task Force
The Internet Engineering Task Force (IETF) is a standards organization for the Internet standard, Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and all its participants are volunteers. Their work is usually funded by employers or other sponsors. The IETF was initially supported by the federal government of the United States but since 1993 has operated under the auspices of the Internet Society, a non-profit organization with local chapters around the world. Organization There is no membership in the IETF. Anyone can participate by signing up to a working group mailing list, or registering for an IETF meeting. The IETF operates in a bottom-up task creation mode, largely driven by working groups. Each working group normally has appointed two co-chairs (occasionally three); a charter that describes its focus; and what it is expected to produce, and when. It is open ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
SpamCop
SpamCop is an email spam reporting service, allowing recipients of unsolicited bulk or commercial email to report IP addresses found by SpamCop's analysis to be senders of the spam to the abuse reporting addresses of those IP addresses. SpamCop uses these reports to compile a list of computers sending spam called the "SpamCop Blocking List" or "SpamCop Blacklist" (SCBL). History SpamCop was founded by Julian Haight in 1998 as an individual effort. As the reporting service became more popular, staff were added and the SCBL became more useful. It has commonly been the target of DDoS attacks and lawsuits from organizations listed in the SCBL. Email security company IronPort Systems announced its acquisition of SpamCop on November 24, 2003, but it remained independently run by Julian Haight. A small staff and volunteer help in its forum. IronPort agreed to become a division of Cisco Systems on January 4, 2007, effectively making SpamCop a Cisco service. Julian Haight left app ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Joe Job
A Joe job is a spamming technique that sends out unsolicited e-mails using spoofed sender data. Early Joe jobs aimed at tarnishing the reputation of the apparent sender or inducing the recipients to take action against them (see also email spoofing), but they are now typically used by commercial spammers to conceal the true origin of their messages and to trick recipients into opening emails apparently coming from a trusted source. Origin and motivation The name "Joe job" originated from such a spam attack on Joe Doll, webmaster of joes.com, in early 1997. One user's joes.com account was removed because of advertising through spam. In retaliation, the user sent new spam with headers forged to make it appear that Joe Doll was responsible. Besides prompting angry replies, it also caused joes.com to fall prey to denial-of-service attacks, from anti-spam vigilantes who thought he had sent the mail, which temporarily took the site down. Some e-mail Joe jobs are acts of revenge like ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Bounce Address Tag Validation
In computing, Bounce Address Tag Validation (BATV) is a method, defined in an Internet Draft, for determining whether the bounce address specified in an E-mail message is valid. It is designed to reject backscatter, that is, bounce messages to forged return addresses. Overview The basic idea is to send all e-mail with a return address that includes a timestamp and a cryptographic token that cannot be forged. Any e-mail that is returned as a bounce without a valid signature can then be rejected. E-mail that is being bounced back should have an empty (null) return address so that bounces are never created for a bounce and therefore preventing messages from bouncing back and forth forever. BATV replaces an envelope sender like [email protected] with prvs=''tag-value''[email protected], where prvs, called "Simple Private Signature", is just one of the possible tagging schemes; actually, the only one fully specified in the draft. The BATV draft gives a framework that other p ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Transparent SMTP Proxy
SMTP proxies are specialized mail servers that, similar to other types of proxy servers, pass simple mail transfer protocol (SMTP) sessions through to other SMTP servers without using the store-and-forward approach of a mail transfer agent (MTA). When an SMTP proxy accepts a connection, it initiates another SMTP session to a destination SMTP server. Any errors or status information from the destination server will be passed back to the sending MTA through the proxy. Uses SMTP proxies are commonly used to process and filter inbound and outbound email traffic. Inbound SMTP proxying SMTP proxies often serve as the initial, network-facing layer in an email system, processing SMTP connections from clients before forwarding data to a second layer of mail servers. SMTP proxies often implement the first and/or only layer of defence in an inbound anti-spam filtering system, where they can analyze messages using a spam content filter or antivirus program, block or rate limit connection ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Greylisting (email)
Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate, the originating server will try again after a delay, and if sufficient time has elapsed, the email will be accepted. Mechanism A server employing greylisting temporarily rejects email from unknown or suspicious sources by sending 4xx reply codes ("please call back later") as defined in the Simple Mail Transfer Protocol (SMTP). Fully capable SMTP implementations are expected to maintain queues for retrying message transmissions in such cases, and so while legitimate mail may be delayed, it should still get through. Temporary rejection can be issued at different stages of the SMTP dialogue, allowing for an implementation to store more or less data about the incoming message. The trade-off is more work and bandwidth for more exact matching of retries with original messages. Reje ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Forward Confirmed Reverse DNS
Forward-confirmed reverse DNS (FCrDNS), also known as full-circle reverse DNS, double-reverse DNS, or iprev, is a networking parameter configuration in which a given IP address has both forward (name-to-address) and reverse (address-to-name) Domain Name System (DNS) entries that match each other. This is the standard configuration expected by the Internet standards supporting many DNS -reliant protocols. David Barr published an opinion iRFC 1912(Informational) recommending it as best practice for DNS administrators, but there are no formal requirements for it codified within the DNS standard itself. A FCrDNS verification can create a weak form of authentication that there is a valid relationship between the owner of a domain name and the owner of the network that has been given an IP address. While weak, this authentication is strong enough that it can be used for whitelisting purposes because spammers and phishers cannot usually by-pass this verification when they use zombie compu ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Sender ID
Sender ID is an historic anti- spoofing proposal from the former MARID IETF working group that tried to join Sender Policy Framework (SPF) and Caller ID. Sender ID is defined primarily in Experimental RFC 4406, but there are additional parts in RFC 4405, RFC 4407 and RFC 4408. Principles of operation Sender ID is heavily based on SPF, with only a few additions. Sender ID tries to improve on SPF: SPF does not verify the header addresses (of which there can be more than one) that indicate the claimed sending party. One of these header addresses is typically displayed to the user and may be used to reply to emails. These header addresses can be different from the address that SPF tries to verify; that is, SPF verifies only the "MAIL FROM" address, also called the envelope sender. However, there are many similar email header fields that all contain sending party information; therefore Sender ID defines in RFC 4407 a Purported Responsible Address (PRA) as well as a set of heurist ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
DKIM
DomainKeys Identified Mail (DKIM) is an email authentication method that permits a person, role, or organization that owns the signing domain to claim some responsibility for a message by associating the domain with the message. The receiver can check that an email that claimed to have come from a specific domain was indeed authorized by the owner of that domain. It achieves this by affixing a digital signature, linked to a domain name, to each outgoing email message. The recipient system can verify this by looking up the sender's public key published in the DNS. A valid signature also guarantees that some parts of the email (possibly including attachments) have not been modified since the signature was affixed. Usually, DKIM signatures are not visible to end-users, and are affixed or verified by the infrastructure rather than the message's authors and recipients. DKIM is an Internet Standard. It is defined in RFC 6376, dated September 2011, with updates in RFC 8301 and RF ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Sender Policy Framework
Sender Policy Framework (SPF) is an email authentication method that ensures the sending mail server is authorized to originate mail from the email sender's domain. This authentication only applies to the email sender listed in the "envelope from" field during the initial SMTP connection. If the email is bounced, a message is sent to this address, and for downstream transmission it typically appears in the "Return-Path" header. To authenticate the email address which is actually visible to recipients on the "From:" line, other technologies, such as DMARC, must be used. Forgery of this address is known as email spoofing, and is often used in phishing and email spam. The list of authorized sending hosts and IP addresses for a domain is published in the DNS records for that domain. Sender Policy Framework is defined in RFC 7208 dated April 2014 as a "proposed standard". History The first public mention of the concept was in 2000 but went mostly unnoticed. No mention was made of th ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Mail Transfer Agent
Within the Internet email system, a message transfer agent (MTA), mail transfer agent, or mail relay is software that transfers electronic mail messages from one computer to another using the Simple Mail Transfer Protocol. In some contexts, the alternative names mail server, mail exchanger, or MX host are used to describe an MTA. Messages exchanged across networks are passed between mail servers, including any attached data files (such as images, multimedia, or documents). These servers often keep mailboxes for email. Access to this email by end users is typically either by webmail or an email client. Operation A message transfer agent receives mail from either another MTA, a mail submission agent (MSA), or a mail user agent (MUA). The transmission details are specified by the Simple Mail Transfer Protocol (SMTP). When a recipient mailbox of a message is not hosted locally, the message is relayed, that is, forwarded to another MTA. Every time an MTA receives an email message, i ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
