IronPort rolls out bounceback-verification technology
IronPort Systems has added bounce-back-verification technology to its e-mail security appliances to protect corporations against spam-based denial-of-service attacks that rely on large volumes of bounce-back messages.
The Bounce Verification technology has been put into IronPort's C-Series and X-Series antispam appliances, letting them detect and block invalid bounce-back messages, says Nick Edwards, group product manager for IronPort. The company competes with antispam appliance vendors such as CipherTrust (which Secure Computing is set to acquire), Mirapoint and Proofpoint.
Invalid bounce-backs are ones whose sender name has been forged by a spammer with a corporation's e-mail address to hide the actual sender. When the messages bounce back as undeliverable, they go back to a recipient who didn't actually send them. Sometimes invalid bounce-back messages are just an annoyance, but they can be a hazard when directed en masse at corporate e-mail resources as a DoS attack.
"The bad guys will use them to jam critical mailboxes," Edwards says. "ISPs generate the fake bounce-back messages and they are almost impossible to screen out as spam," he adds.
Based on its own Internet mail-tracking system, IronPort estimates about 9% of Internet mail could be misdirected bounces of one kind or another.
IronPort's e-mail security appliances now identify messages truly sent from corporations by stamping them with a small string of code. This identifying code is an encryption hash generated by the appliances' private-key encryption technology, based on details in the sender's address and other envelope information, Edwards says. Fraudulent bounce-back messages are easily spotted and flagged because the appliances look for the identifier with which legitimate bounce-back messages are stamped. They then let the e-mail manager drop the fraudulent bounce-backs or quarantine them.
Edwards says the bounce-back verification technology is based on a proposed IETF standard called Bounce Address Tag Validation.
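The stamping and checking described above can be sketched as follows. This is an added example, not IronPort's code: it is modeled on the `prvs=` sender-address format from the BATV draft, and the key material, seven-day lifetime, and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed demo values; a real gateway keeps its keys private and rotates them.
KEYS = {0: b"constructed-demo-key"}   # key number -> secret
ACTIVE_KEY = 0
LIFETIME_DAYS = 7                     # assumed validity window for a tag

TAGGED = re.compile(r"prvs=([0-9])([0-9]{3})([0-9a-f]{6})=(.+@.+)", re.I)


def _mac(key_id: int, expiry: int, address: str) -> str:
    """First 3 bytes (6 hex chars) of HMAC-SHA1 over key id, expiry day, address."""
    msg = f"{key_id}{expiry:03d}{address.lower()}".encode()
    return hmac.new(KEYS[key_id], msg, hashlib.sha1).hexdigest()[:6]


def sign_sender(address: str, today: int) -> str:
    """Rewrite an outbound envelope sender (MAIL FROM) with a dated, keyed tag.

    `today` is the day number since the Unix epoch, e.g. int(time.time() // 86400).
    """
    expiry = (today + LIFETIME_DAYS) % 1000
    return f"prvs={ACTIVE_KEY}{expiry:03d}{_mac(ACTIVE_KEY, expiry, address)}={address}"


def verify_bounce_recipient(rcpt: str, today: int) -> str:
    """Classify the RCPT TO of an inbound bounce (a message with a null sender)."""
    m = TAGGED.fullmatch(rcpt)
    if m is None:
        return "reject: untagged"          # we never sent mail with this sender
    key_id, expiry, mac, address = int(m[1]), int(m[2]), m[3].lower(), m[4]
    if key_id not in KEYS:
        return "reject: unknown key"
    if not hmac.compare_digest(mac, _mac(key_id, expiry, address)):
        return "reject: bad signature"     # forged or altered tag
    # Day numbers wrap at 1000, so measure the remaining lifetime modulo 1000.
    if (expiry - today) % 1000 > LIFETIME_DAYS:
        return "reject: expired"           # old tag replayed by a spammer
    return "accept"


if __name__ == "__main__":
    day = 19000                            # constructed day number
    stamped = sign_sender("alice@example.com", day)
    print(stamped, "->", verify_bounce_recipient(stamped, day))
    print(verify_bounce_recipient("alice@example.com", day))
```

A "reject" result is what the administrator would then map to the drop or quarantine action the article describes.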
Gartner analyst Peter Firstbrook says IronPort is the first vendor to implement this specific bounce-back-validation technology, but other vendors attempt to deal with the problem in their own ways. Firstbrook adds that the most likely targets of a bounce-back-related DoS attack are large companies with well-known brands.