by | |

Upgrade and protect your email from Backscatter, AKA: fake “bounce” email notice.

SPAM filters get tighter and tighter these days. On the web client front, Microsoft Outlook web app and company do a pretty good job keeping our inbox clean. On the local client front, the latest versions of Microsoft Office 365’s Outlook and other popular email client software come backed by advanced SPAM-fighting technology and local anti-viral protection, as well as hardware-based identity protection, standard with the latest all-in-one devices running Windows 8 and Office 365.

So... what is a SPAMMER left to work with? Is it time to finally get a day job? Not quite.

Introducing “Backscatter”, better known as “fake bounce email” (and numerous variations of the latter).

In a normal circumstance, a bounce-back occurs when an email server refuses to accept incoming email for the following reasons:

  • The user at such domain does not exist, and no “catch-all” email has been setup to relay the message to a web administrator.
  • The email address has been marked as “inactive”
  • The inbox at that particular address is full
  • The message sender has been banned or blocked due to SPAM

The result is an email notification (“bounce-back”), containing a copy of the original failed message, including header information, as well as associated server error responses.

Backscatter is, however, not a normal circumstance. It’s a clever trick to induce fear and and in turn cause the recipient to potentially click on potentially malicious links.

Backscatter occurs when a spammer, or a hacker, sends an email designed to look like a bounce-back notification, while disguising the sender field with the recipient’s email address.

The resulting email has a big chance of sliding through the spam filters undetected, and land into the recipient’s inbox, looking like a real email failure notification, until the recipient takes the time to read through the email headers and realize that such message was never sent from his or her email server.

In Microsoft Office 365, when using Outlook, it’s possible to view the headers information like so:

  1. In an open message, click the File tab.
  2. Click Properties(Header information appears in the Internet headers box).

It’s 2014: How is Backscatter allowed to happen?

While some email services like Microsoft Outlook have a “Backscatter filter” in place, such countermeasures are not commonly available to all servers, making many email recipients potential phishing targets.

The email system has not changed very much since decades ago, and many modern servers still inherit old flaws that allow for this type of exploit.

All backscatter is fake emails, but not all emails are backscatter.

There is always a chance that a phishing email with a return error may actually have originated from the own recipient’s server. This is the unfortunate result of a system that has effectively been compromised through viral infection or hacking.

This risk is greatly enhanced on computers that still run Windows XP. Upgrading to a newer system running Microsoft Windows 8 as well as Microsoft Office 365, with built-in security, provides real protection against email security threats.

Please note: following the recent Heartbleed bug report, it has become increasingly important to change passwords often, using complex combinations of letters, numbers and symbols, to reduce the chances of intrusion and tampering activity.