Explanation A technique used by spammers to use email non-delivery reports to deliver spam what is: Reverse NDR A technique used by spammers to use email non-delivery reports (NDRs) to deliver spam. Reverse NDR is sometimes abbreviated to simply RNDR. EMail servers are often configured to delivery a non-delivery report (NDR) when an email cannot be delivered. This is useful to the sender of an email because it lets them know that their email could not be delivered - typically because the email address was wrong. Some spammers use this behaviour of sending NDRs as a means of using an email server to send out spam. The advantage to the spammer is that they can use this technique to target a server which is not listed on a DNS Block List (see DNSBL) and so circumvent one common way of blocking spam.A Reverse NDR attack works like this: The spammer creates an email setting the to-address with a random fictitious email address for a known email domain (say, your email domain!) This email is one that will therefore bounce and be returned with an NDR. The crafty bit is that the From-address is set to the email address of the intended target. The email server (say your email server!) cannot deliver the email because the email is for an unknown user. It therefore generates a non-delivery notification, sending it back to the "sender". But, the spammer has lied about the sender, supplying instead someone else's email address. The non-delivery notification is therefore sent to the email address of the an innocent victim. Since non delivery notifications often include the contents of the original email, the server (your server) has now relayed spam on behalf of a spammer to an innocent victim. If the recipient opens the NDR and looks at the email then the delivery of spam is complete and the spammer has successfully spammed another victim. This technique turns an email server into a form of open relay, and for this reason many DNSBL providers now list servers that send NDRs. That's how a Reverse-NDR spam attack works, but if you are are responsible for administering an email server then how can you determine whether your server is being used for a RNDR attack? The symptoms are typically: Outbound email delivery queues are full of non-delivery notices. Outbound email slow to be delivered (because of the NDRs). Slow internet connection - because of the NDR traffic. So, if you are an email system administrator, are there any steps you can take to prevent your server being used for RNDR attacks? The solution to the problem is to configure the email server to issue an SMTP reject rather than an NDR to the sender. An SMTP reject takes place when a remote client/server connects to the email server, it rejects the connection if the recipient email address is not recognised. The responsibility for issuing an NDR shifts then to the sending server. Relevant links: www.cryer.co.uk/brian/msexchange/exch_disable_ndrs.htm - How to disable NDRs for Microsoft Exchange Server 2003. http://support.microsoft.com/kb/909005 - Microsoft Knowledge base article dealing with reverse-NDR attacks on Exchange server 2000 and 2003.
- Define Answers In Genesis:
- Use Genesis. Normally specifically refers to the Answers In Genesis organisation (based in Australia but with offices in Canada, New Zealand, South Africa, the UK and the USA). AiG seeks to inform and a technique used by spammers to use email non-delivery reports to deliver spam definition.
- Define Acceptable User Policy:
- Use Policy. Where a service (such as an ISP or e-mail provider) specifies what is considered acceptable and what is unacceptable use of a service. Normally part of any terms and conditions. The term may a technique used by spammers to use email non-delivery reports to deliver spam explain.
- Define Apache Software Foundation / Advanced Systems Format:
- Use Software Foundation. Relevant links: www.apache.org 2. Advanced Systems Format. It is a media format developed and patented by Microsoft. Relevant links: http://msdn.microsoft.com/library/en a technique used by spammers to use email non-delivery reports to deliver spam what is.
- Define Abbreviation For IPS TAG (Internet Provider Security Tag):
- Use IPSTAG Abbreviation for IPS TAG (note the space between IPS and TAG). Commonly regarded as standing for Internet Provider Security Tag. See IPS TAG for more information a technique used by spammers to use email non-delivery reports to deliver spam meaning.
- Define A Very Popular Open Source Database System:
- Use popular open source database system. MySQL is a multi-user, multi-threaded database server, which is suitable for office database uses and for on web-servers. cf LAMP. Relevant links: http://mysql a technique used by spammers to use email non-delivery reports to deliver spam abbreviation.
