Astaro Blocks Growing Backscatter Spam

Published 14th May 2008

Astaro solution uses embedded code to filter out bounce-message spam

Reading, UK (8th May 2008) — Astaro Corporation (www.astaro.com), a leading vendor of integrated security solutions, today announced that Astaro Security Gateway can detect and block what is known as backscatter: specially crafted bounce emails that appear to be sent by the message recipient but are actually engineered by the spammer to skip various anti-spam checks. A recent Blog on the Independent (6th May, ‘Cyberclinic: Backscatter’ by Rhodri Marsden*) reports that this type of spam attack is growing exponentially, stating “Backscatter is incredibly annoying; aside from the sheer number of messages you have to deal with, you also have to cope with the inevitable furious responses from people who did get the spam message and think that you sent it to them.”

Astaro Security Gateway implements an open source solution called BATV (www.mipassoc.org/batv), which stands for bounce address tag validation, in order to combat this type of spam. This program embeds an encrypted signature into the hidden header of every outgoing mail message. Every time a bounce email comes into the Astaro product, it checks for this code. “If the signature is not there,” says Astaro Product Evangelist Angelo Comazzetto, “we know with great certainty that the message did not originate from someone behind our device, and the message can thus be disposed of.”

Spammers use backscatter to target email recipients by means of creating false “bounce” messages to them. By sending messages to an invalid recipient at a valid domain and setting the target address set in the “From:” field, the message bounces back to this intended target. Due to the legitimate-looking nature of this type of message, it has a very high open/read rate compared to normal spam. Further, many inferior mail-filters automatically pass bounce messages through their various anti-spam checks in order to ensure delivery of the notification-style message to the user. The spammer has therefore met his objective and delivered his message to the intended recipient through a third party mail server, and the user is highly likely to read it.

BATV is enabled by default in Astaro Security Gateway and can be toggled by way of a single check box. Comazzetto explains further, “While rare, administrators of those domains that have any issues with BATV can make use of a granular exceptions list that can be used to remove senders, recipients, or entire domains from BATV and/or our other checks.”
(*http://blogs.independent.co.uk/independent/2008/05/cyberclinic-bac.html)
About Astaro
Astaro Corporation is headquartered in Burlington, Mass. and Karlsruhe, Germany. The Astaro Security Gateway, simplifying Email, Web & Network Security, has won numerous industry awards and is protecting over 30,000 networks in 60 countries. Astaro products are distributed by a worldwide network of nearly 2,500 solution partners who offer local support and services. For more information, please visit www.astaro.com.

Contacts
James Farquharson
Goode International
+44 (0) 1491 873 323
james.farquharson@goode.co.uk