What's so bad about bouncing spam?

Today's article is about an anti spam technique known as bouncing and some of the problems inherent in it.

First off a bit of background about what email spam bouncing is. All mail that is sent on the Internet has various fields. Most people are aware of the From: To: and Subject: fields and almost everyone is aware of the CC: (carbon copy) field. A lesser know cousin of the CC: field is the BCC: field (Blind Carbon Copy). This BCC: field is great for sending messages to groups of people without exposing everyone on the list in the To: or CC: fields. Often these emails get into the wrong hands or some how get accessed by viruses and spyware and can be harvested for email addresses. If everyone is hidden in the BCC field then no problem, only one address is compromised.

The field most people don't know about is the Return-Path: field. What this field does is show the return address that the mail server should use in the case of an undeliverable piece of mail. The big problem with this field is three fold.

1. This address is often faked.
2. It can be blank
3. It is almost always not a real mailbox or email address.

In most cases, the fake return address can be anything from a fake made up email address, like fdasfhdjsahfdsja@fdsajfd.com, usually generated by random means, to creative fakes like your OWN email address, or email addresses of friends or people on the same server as you (especially in the cases of small business domains or ISPs).

This kind of bouncing almost always results in an innocent 3rd part receiving the spam if you reject or bounce it and a real email address was the return-path. Best case scenario is it generates a lot of extra network traffic bouncing between fake addresses. In the end you don't get the spam, but someone else may or it loads down the whole Internet costing everyone more response time and eventually more money to pay for better infrastructure.

In the short term, I am sure most of the readers here don't care too much about possible infrastructure problems what with all the porn that is being downloaded on the Internet, so the best course is if you are going to bounce spam you should make up a really random address. I used to send my spam to dev ~ at ~ null ~ dot ~ com and I am sure that the person there wasn't thrilled. I hope by admitting this and publicly apologizing (I am sorry) they won't send out a henchman to break my typing finger). Karma is a bitch and I have had the favor returned by many messages to ~ fake user AT eatspam dot com ~ over the years. This happens when people try to think of clever "geeky" places to send their spam. Now I use fdksjfdlksajfdska@fdsakjfsdlajfdas.com or something like that. The funny thing is that spam robots are harvesting this fake email as you read this and adding it to their email system to spam me.

I will close this installment with a tip. If you sign up for various services on the Internet using a "throw away address" (more on this in my next installment), you can usually tell who is sending you spam and to what address they are using. Let's say you sign up for Alamo rent a car .com and they sell your address to deepthroat.com and you start getting spam at alamo at ~ yourdomain from porn sites... you can do a fun little trick where you bounce the mail to webmaster@deepthroat.com

This is done by forwarding your mail (not using the fake return-path:) via the use of an alias or
forward. Various mail servers have different ways to accomplish this and some can be a bit technical, but it is almost always possible.

This is one of the few situations that I think bouncing spam is not only justified, but fun. The bastards that sold you out will now get their spam mail sent back to their webmaster. If you want to take it a step further, try to find out some "real" addresses of people at the company, possible by calling their company or other techniques. Imagine routing these spams through a system that would call the CEO of the company and read the spam over their home phone number... the technology is there!

Thanks for dropping by and if you like what you see here, please help support this site by posting a link to http://www.eatspam.com/ and subscribing to our RSS feed.

Thanks,

Matthew