• United States

Misdirected bounce e-mail messages cause costly headaches, report says

Apr 24, 20062 mins
Enterprise ApplicationsMalwareMessaging Apps

Bouncing e-mails cost businesses $5 billion annually, according to IronPort.

The IT costs related to misdirected bounce e-mail messages is nearly $5 billion annually, according to a report issued on Monday by messaging security vendor IronPort.

The company says roughly 4.5 billion misdirected bounce messages are sent per day, and the vast majority of those are misdirected. Bounced messages, or undeliverable e-mails that are returned to their sender, happen when the recipient address is invalid so the receiving e-mail server automatically generates a message telling the sender that his or her e-mail was not received. Such messages occur often with spam blasts – as many as 20% per batch will be bounced, according to IronPort.

Because spammers don’t want to be inundated with bounce messages, they often use a forged return address so that the notification goes to a third party. Not only are these misdirected bounce messages annoying for the third party, they can come in such volumes that they cause distributed denial-of-service (DDoS) attacks on the unsuspecting third party’s mail server, says the report.

These messages often cause end-user confusion and generate calls to the IT help desk. Even if only 0.2% of the misdirected bounce messages generate a trouble ticket from end users to their IT departments – assuming each trouble ticket costs a company $20 – that adds up to $4.5 billion annually, the report says.

In addition, there are costs related to the bandwidth and capacity to deliver and store these messages, plus the downtime created when misdirected bounce messages result in DDoS attacks, the report says.

The figures for this report were generated by IronPort analysts who examined patterns using the company’s SenderBase traffic monitoring network, which sees approximately 25% of all the traffic traversing the Internet, according to the company.

IronPort’s messaging security appliances use the company’s SenderBase reputation services technology to determine if the sender’s IP address is reputable, and will only issue bounce messages to senders that exhibit trustworthy behavior, officials say.