Cellopoint Announces New “Bounced Email Defense” Technology

Bounced Email Attack: Most of the bounced email services from the e-mail providers will check if the receivers still exist while they are online with the SMTP. Even if the recipients exist or not or have any connection problem, the system will return the message back to the sender. Hackers will use this function and combine it with the email address that they have collected from the dictionary attack. They will set their target as sender and a phony none exit account as recipient. By using a botnet computer, they can now send out a massive amount of fake emails to attack your mail server. The bounce address is also part of the regular e-mail service which results in the spam going into company’s mail box. This will not only overload the mail server, but also blacklist the company in spam mails. A traditional anti-spam program can not do anything about this situation. The Cellopoint Global Anti-spam Center can also pick up that the bounced email attack has been mutated. Hackers use similar theories by using auto reply to start the spam attack.

Cellopoint uses techniques such as “BATV, Bounce Address Tag Validation” and “ICA, Intelligent Content Analysis” to defend bounced e-mails attacks

Bounce Address Tag Validation (BATV) is a standard of a draft of IETF. It provides a mechanism for assessing the validity of an e-mail's envelope return (bounce) address. It permits the original submitter of a message to sign the SMTP Mail from address. When the e-mails bounce back to the secure mails gateway of Cellopoint, the valid signature can be used to distinguish legal or fake bounce addresses.
“ICA, Intelligent Content Analysis”, exclusively invented by Cellopoint, is able to analyze the structures of the emails. It is not only able to check the envelope, but also able to check all the content of the emails. It can diagnose precisely the validity of the bounce address. This technique can beat some specific modes of “Bounced email attack”, and efficiently lower the possibility of paralyzing the e-mail system by the attack of bounced emails.

From the Cellopoint Global Anti-spam Center statistics, there are more and more cases of bounced email attack from September 2008 until now. Bounced e-mails are estimated at up to 35% of the total e-mails. If the company would not face the problem and react immediately, this would not only damage the IT system, but also blacklist the company on many mailing lists and do serious damage to their reputation. By using the Cellopoint defense of bounced e-mail validation technology, the company can save on the cost of maintenance and they would not need to cooperate with other mail servers. This is the best solution for e-mail security. If you want to know more about the solution of the bounced e-mail attack, please contact Cellopoint at http://www.cellopoint.com/