IronPort Systems today said it’s added a bounceback-verification technology to its line of e-mail security appliances in order to protect corporations against spam-based denial-of-service attacks based on large volumes of bounceback messages.

IronPort’s “Bounce Verification” technology has been added to IronPort’s C-Series and X-Series line of antispam appliances, giving them the ability to detect and block invalid bounceback messages, says Nick Edwards, group product manager. Invalid bouncebacks are ones that have been forged with the corporation’s e-mail addresses by a spammer to hide the real source of the e-mail. They are messages bounced back as undeliverable to senders that never actually sent them.

Sometimes invalid bounceback messages are simply an annoyance, but they can be a hazard when directed en masse at corporate e-mail resources as a denial-of-service bounce attack.

“The bad guys will use [invalid bounceback messages] to jam critical mailboxes,” Edwards said. “ISPs generate the fake bounceback messages and they are almost impossible to screen out as spam.”

Based on its own Internet mail tracking system, IronPort estimates that about 9% of Internet mail may be misdirected bounces of one kind or another.

To identify a fraudulent bounceback, IronPort’s e-mail security appliances can now recognize a message truly sent from the corporation by stamping the message with a small string of code to identify it.

This identification is done through private-key encryption technology within the IronPort appliance that generates an encryption hash based on details in the sender’s address and other envelop information, says Edwards.   

---