Bouncing spam rises by 2000 percent
By Davey Winder in Editorial
When you send an email to an address that doesn’t exist or to a server that is having trouble delivering it, you get a Non-Delivery Report (NDR) back. Spammers have been exploiting these bounce messages for a while now as a way to get around spam-filtering measures. However, last month saw NDR spam hit an all-time high, with 20% of all spam messages using the trick. That’s a rise, according to security specialists PandaLabs, of no less than 2000% when compared to the number of different NDR spam samples seen between January and June this year.
It is a clever technique, and obviously one that works or the spammers would not waste their time and money exploiting it. The point is that the bounce messages themselves are more often than not genuine, with the server function being exploited to distribute the spam (sent as an attachment to the bounce notice) using the sender’s real name.
Now I know I have upset readers in the past by calling them morons for clicking on spam links in email, but this time I will let you off as it’s a rather different kind of spam trickery being employed. Go on, admit it, curiosity often gets the better of you when you get a bounce message and you open the thing to see who it was you sent mail to that has not arrived. Right? Even if you have not sent that mail in the first place, and don’t recognise the email address. Indeed, the fact that you don’t recognise the address plays in the spammer’s favour, making the recipient even more likely to take a sneaky peek.
According to Luis Corrons, technical director of PandaLabs, “there is presently no consensus on whether NDRs are a technique to evade anti-spam filters or a collateral effect of dictionary attacks; either way, this technique is now among the most widely used. These waves of spam are usually generated through botnets (infected PCs controlled by attackers to launch spam, etc.). Since most NDRs are legitimate emails and part of the mail server functionality, many traditional anti-spam techniques did not detect or block them up until now”.
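One way a mail system can tell a genuine bounce from a bounce for mail it never sent is to compare the Message-ID of the attached "original" against its own record of outgoing mail. The sketch below is an added example, not code from the article or from PandaLabs; the function names, the `sent_ids` log and the simplified sample bounce are assumptions made for illustration.

```python
from email import message_from_string, policy

# Constructed sample bounce (not a real message): a delivery report with the
# supposedly "original" mail attached, as in the technique described above.
SAMPLE_NDR = """\
From: MAILER-DAEMON@mx.example.net
To: alice@example.com
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: alice@example.com
Message-ID: <forged-123@unknown.invalid>
Subject: Cheap offers

Spam body here.
--b1--
"""

def original_message_id(raw):
    """Return the Message-ID of the mail attached to a bounce, or None."""
    msg = message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return None
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_payload(0)  # the attached "original" message
            mid = inner["Message-ID"]
            return str(mid).strip() if mid else None
    return None

def classify_bounce(raw, sent_ids):
    """sent_ids: assumed local log of Message-IDs this system really sent."""
    mid = original_message_id(raw)
    if mid is None:
        return "unverifiable"
    return "genuine" if mid in sent_ids else "backscatter"
```

Bounces that do not attach the original message come back as "unverifiable" and need a different check.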
