CMS Logo Home Page Click Computer Mail Services, Inc. CMS Home Page
Computer Mail Services, Inc.
Software / Services / eMail Tools: IP Address Blocking, Spam Filtering, Log Data Mining and DNS Blacklist Monitoring
TELEPHONE: 248.352.6700 or 800.883.2674 (USA Only) FOR SALES AND OTHER INFORMATION...

Praetor MeM
Praetor Software
Price Quotes
ROI/Spam Calculator
Press Release
About CMS


Spammers Adjust to Economic Times

Holiday Spam is not Aunt Honey's Fruitcake

Denial of Service Flood ... Rejected

Visit CMS Blog...

CMS XML Button


CMS A Microsoft Certified Partner

Privacy Policy
Trademarks / Logos
Site Map

Press Release

XE-Filter IP address country centric email filter Spam eMail Tactics Changing

Companies See 1600% to 4000% Increase in Spam eMail Volumes

Computer Mail Services, Inc.
Lih-Tah Wong
248.352.6700 x210

Troy, Michigan -- August 11, 2006 -- Senior support technicians at Computer Mail Services, Inc. (CMS) have recently been following a rise in a certain type of spam email attack called Reverse NDR (RNDR).  The rise in RNDR email volume appears to coincide with spammers changing the methods and format of their search for valid email addresses.

Historically, email addresses used in the RNDR form of spam email have been harvested from the Internet or other sources and represented possibly valid recipients.  Spammers then target these harvested addresses by using non-delivery notices generated by mail systems as a backdoor to placing their messages in recipient inboxes.  While the volumes of spam email sent to a particular site was large, they were in a certain, almost legitimate format.

Recently, CMS and their customers noticed larger than usual volumes of filtered RNDR mail containing randomly generated character strings as an address.  Coinciding with the appearance random addressing is a massive increase in volume.  In one instance, a CMS customer has noticed a day-to-day increase of 1600% in RNDR-type spam trapped by their CMS Praetor Messaging Firewall.  CMS’ own corporate email servers have on several days seen RNDR-type spam volume increases of over 4000% percent.

Spammer motivation for this new addressing approach and the massive volume increases could fall into several categories from simply a “shotgun” approach to reach valid email addresses to malicious attempts to bring “Denial-of-Service” (DOS) style attacks to vulnerable email servers.

The “Shotgun” addressing approach would simply use a utility to create email addresses of every possible letter combination for mailing to recipients at a targeted domain.  “Eventually, the random address generator hits upon a valid recipient address but to find these people, the increase in email volume will be huge” said Alan A. Sitek, Vice President of Development at CMS.  With spam still profitable and sending email free, even successfully reaching a small percentage of people with large volumes of RNDR mail generates profits.

If the spammer intent is a Denial-of-Service (DOS) attack then their motivations are much more malicious.  DOS attacks will overload the targeted servers to slow and possibly halt their operations.  Perhaps spammers are targeting spam filtering appliances, some of which are known to be vulnerable.  The actual motivation for DOS attacks on a particular server is hard to define.  While using this scheme to turn a profit cannot be ruled out, in the past DOS attacks have been used for several reasons: revenge, random maliciousness or the need to prevent some group from spreading ideas and opinions. 

Other possibilities include an attempt to overload and reduce the effectiveness of the Bayesian filters present in almost all email filtering software and services.  Forcing email administrators to train their Bayesian filters on the huge volumes of RNDR spam.  With overloaded and over trained Bayesian filters, it may be simpler to successfully send spam email at a later date.

Computer Mail Services, Inc. was the first to report Reverse NDR spam in June of 2003.  They quickly updated their Praetor Messaging Firewall software to control and prevent this type of attack.  In 2003 Neil Berger, President of NSB Systems and Consulting Inc. stated, “Almost every installation I’ve encountered suffers from the problem of Reverse NDR.  Not only does Reverse NDR eat up huge amounts of mail server resources, but also the enterprise’s domain risks being blacklisted by ISPs, customers, and organizations with which the enterprise does business.”

Today while CMS’ Praetor customers are secure, many other spam appliances and filters have not instituted protections against RNDR attacks and remain vulnerable.  Computer Mail Services is continuing to study email traffic for any indications of further changes in spammer tactics.


Founded in 1982, Sterling Heights, Michigan-based Computer Mail Services, Inc. (CMS) is a privately held company with expertise in the development of messaging related products: Praetor, XE-Filter, BL-Monitor and ES-Insight.

Praetor is a registered trademark of Computer Mail Services, Inc.  XE-Filter, ES-Insight and BL‑Monitor are trademarks of Computer Mail Services, Inc.

# # #

[ Home ]   [ About CMS ]   [ Site Map ]   [ Support ]   [ Downloads ]   [ FAQ ]   [ News ]   [ Press Release ]
[ XE-Filter ]   [ ES-Insight ]   [ BL-Monitor ]   [ Praetor Managed eMail ]   [ Praetor Software ]   [ Ad Sponsorship ]

Send mail to Webmaster with questions or comments about this web site.
Copyright 2011 Computer Mail Services, Inc.