A new report has found that non-delivery receipt spam is rising dramatically. In August the amount of such spam rose a whopping 2000% over levels from January to June, and it’s responsible for 20% of all global spam sent.
The spams being sent look exactly like traditional bounce back messages except the person receiving them never actually sent the message they are being told couldn’t be delivered. The spam message itself is contained in the attachment that comes along with the fake error message. The spammer is counting on people being curious or alarmed enough to open it to see what they supposedly sent.
According to the report, “there is presently no consensus on whether NDRs are a technique to evade anti-spam filters or a collateral effect of dictionary attacks; either way, this technique is now among the most widely used. These waves of spam are usually generated through botnets (infected PCs controlled by attackers to launch spam, etc.). Since most NDRs are legitimate emails and, part of the mail server functionality, many traditional anti-spam techniques did not detect or block them up until now”.
So far this kind of spam hasn’t been found to be carrying malware but the fake messages can give less tech savvy individuals the impression that their email account has been compromised. Email spoofing, another technique often used by spammers, also generates non-delivery messages (but these are real, sent from servers where the spam with the spoofed header was sent to invalid addresses).
Experts say spammers have turned to non-delivery receipt spam because error messages are not commonly blocked by spam filters or blacklists.