IronPort rolls out bounceback-verification technology

IronPort Systems today said it’s added a bounceback-verification technology to its line of e-mail security appliances in order to protect corporations against spam-based denial-of-service attacks based on large volumes of bounceback messages.

IronPort’s “Bounce Verification” technology has been added to IronPort’s C-Series and X-Series line of antispam appliances, giving them the ability to detect and block invalid bounceback messages, says Nick Edwards, group product manager. Invalid bouncebacks are ones that have been forged with the corporation’s e-mail addresses by a spammer to hide the real source of the e-mail. They are messages bounced back as undeliverable to senders that never actually sent them.

Sometimes invalid bounceback messages are simply an annoyance, but they can be a hazard when directed en masse at corporate e-mail resources as a denial-of-service bounce attack.

“The bad guys will use [invalid bounceback messages] to jam critical mailboxes,” Edwards said. “ISPs generate the fake bounceback messages and they are almost impossible to screen out as spam.”

Based on its own Internet mail tracking system, IronPort estimates that about 9% of Internet mail may be misdirected bounces of one kind or another.

To identify a fraudulent bounceback, IronPort’s e-mail security appliances can now recognize a message truly sent from the corporation by stamping the message with a small string of code to identify it.

This identification is done through private-key encryption technology within the IronPort appliance that generates an encryption hash based on details in the sender’s address and other envelop information, says Edwards.

That way, fraudulent bounceback messages are easily spotted by the IronPort appliance, which looks for the identifier in legitimate bounceback messages.

If a fraudulent bounceback is flagged, the IronPort appliances offer several options to the e-mail manager for either dropping the fake bounceback or quarantining it.

Edwards said the bounceback verification technology is based on a proposed IETF standard called Bounce Address Tag Validation, co-created by Dave Crocker, principle at the firm Brandenburg InternetWorking Consulting.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2006 IDG Communications, Inc.