If you’ve been inundated lately with bounced email from addresses you’ve never sent a note to, you’re experiencing the heartbreak of backscatter. Backscatter is an attempt by scammers to get you to read unsolicited email by sending it using your return address - forging it, which is simple - and then having you open the messages that mail servers innocently return.
(We dare not speak the name of a certain type of email represented typically by a trademarked processed meat name because it results in our email being banned by many mail filters. So excuse my coyness.)
I’ve received thousands of backscatter bounces in the last few weeks, even as my unsolicited email filters have worked relatively well. It’s irritating, because I have to handle it much more manually than any other unfiltered message.
Your return email address can be forged without any effort by anyone - including systems that let you forward links to other people from news sites - because return addresses aren’t registered in any fashion. DNS (the Domain Name System) may control the use of domain names, but there’s no similar method of looking up email addresses to validate them.
Way back in 2004-03-22, I wrote “Sender Policy Framework: SPF Protection for Email,” an article about an independent effort to create a way to register authority for email return addresses via DNS. Microsoft, Yahoo, and AOL all got in the game in different ways, extending SPF, developing their own system, deploying anti-forging rules, or adopting rules to prevent forged messages from arriving for their email users and customers.
But none of the efforts has really emerged as a winner, and verifying return addresses is still only one of several pieces that would restrict unsolicited email of a con-game nature. It’s a shame that even with several companies handling hundreds of millions of email accounts, the kind of cooperative work that would be required to improve several parts of the way in which Internet email works still seems beyond our reach.
Copyright © 2008 Glenn Fleishman. TidBITS is copyright © 2008 TidBITS Publishing Inc. If you’re reading this article on a Web site other than TidBITS.com, please let us know, because if it was republished without attribution, by a commercial site, or in modified form, it violates our Creative Commons License.
Original post by glenn@tidbits.com (Glenn Fleishman) and software by Elliott Back
