Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

The problem of backscatter, part 2 - The legitimate case


Before getting into the problem of backscatter, let's look at how the system is supposed to work before spammers ruined it for everyone.

Let's say that you want to mail a letter to your friend.  You write the letter, put it in an envelope, and write your friend's address in the center of the front of the envelope.  You then put your address on the top left corner of the envelope, put a stamp on it and then walk down to the nearest mailbox and drop it in the slot.  The post office comes, picks up the letter and then through some process known as magic, a few days later your friend gets your letter.

However, suppose there's a problem.  Let's say you write the letter to your friend and address it this way:

Homer Simpson
771 Evergreen Terrace
Springfield, USA

Aside from the fact that Homer lives at 742 Evergreen Terrace (or 743 depending on the episode), you have not specified either the state or the zip code where Homer lives.  The post office sees this and is unable to deliver your mail so they mark it and return it to you since you put your return address at the top of the envelope.  On the letter, they put notices like "Bad address" or "Insufficient Postage" or something similar.  In other words, they mark the message as non-deliverable.

Email works the same way.  You write an email, put your name and email address in the P1 From (SMTP MAIL FROM) and address it to your friend, who you put in the P2 From (SMTP RCPT TO).  You hit send in your email client and by a process known as magic, your email eventually gets delivered to your friend in a matter of seconds.

But what happens if you put a typo in your email address?  Just like the post office, the email postmaster has ways of letting you know that your message did not go through.  Suppose you did this:

From: Homer Simpson <hjsimpson @ fakeDomain.com>
To: Krusty the Klown <krustyClown @ noDomain.com>

But Krusty's email address is actually krustyKlown @ noDomain.com.  Krusty's recipient mail server gets Homer's email, looks at the To: address and then tries to deliver the mail.  But oops!  It sees that the email address doesn't exist, so it sends a notification back to Homer that the message could not be delivered because the email address that he specified was invalid.  This is known as a Non-Deliverable Receipt (NDR) or a Delivery Status Notification (DSN).  Suffice it to say, the postmaster of the domain Homer was sending to has been kind enough to notify him that his message did not go through.  Homer gets the NDR back in his own email inbox so he can take action on it.
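To make the NDR concrete, here is an added example (not code from the original post) that parses a constructed bounce for the Homer/Krusty message in the standard DSN layout (multipart/report, RFC 3464) and reports which recipient failed and with what status. The reporting host mail.noDomain.com, the boundary string and the 5.1.1 "User unknown" status are assumptions chosen for illustration.

```python
import email

# Constructed sample NDR (RFC 3464 layout); host, boundary, status are assumed.
SAMPLE_NDR = """\
From: MAILER-DAEMON@noDomain.com
To: hjsimpson@fakeDomain.com
Content-Type: multipart/report; report-type=delivery-status; boundary="ndr"

--ndr
Content-Type: text/plain

Your message to krustyClown@noDomain.com could not be delivered.

--ndr
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.noDomain.com

Final-Recipient: rfc822; krustyClown@noDomain.com
Action: failed
Status: 5.1.1
Diagnostic-Code: smtp; 550 5.1.1 User unknown

--ndr
Content-Type: message/rfc822

From: Homer Simpson <hjsimpson@fakeDomain.com>
To: Krusty the Klown <krustyClown@noDomain.com>

Hi Krusty!
--ndr--
"""

def parse_ndr(raw):
    """Return one dict per failed recipient, or [] if raw is not an NDR."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/report":
        return []
    failures = []
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        # Header blocks in the status part; per-recipient ones have Final-Recipient.
        for block in part.get_payload():
            if "Final-Recipient" in block:
                addr = block["Final-Recipient"].split(";", 1)[-1].strip()
                failures.append({"recipient": addr, "action": block["Action"],
                                 "status": block["Status"]})
    return failures
```

The third MIME part carries the original message back to the sender, which is how Homer can see which email the notification refers to.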

In my next post, I'll go into a bit more detail about how this process works in the legitimate case.
