08 October 2020
How can bounced spam damage your organisation?
By: Dr Mohammad Reza Beheshti
Did you know that each time someone fills in your contact-us form, registers to attend a free webinar on your website, or registers for an account, the request is sent to your server, and your server sends an SMTP message back to the registered email address to confirm the registration? If the registered email address is not valid, or is a fake address, your server will get a bounce-back error message.
Receiving too many bounced SMTP messages can potentially damage your organization's server. If you receive too many bounce or undeliverable error messages, your server's IP reputation will drop rapidly, and your entire email server might get blocked or even blacklisted. That means none of your emails will reach your clients, and no one will be able to send your organization any emails.
Besides, many organizations connect their CRM system to their online form, so that as soon as a new user registers on the form, the data feeds into the CRM automatically for customer-record purposes. This is the most dangerous case: if the organization receives too many bounced SMTP messages, its CRM account might get blocked, and its CRM will fill up with spam content instead of clean, legitimate users. Cleaning up the CRM database daily then requires a huge amount of time and energy.
To show this dangerous type of cyber-attack, I set up a demo contact-us form on my server, which is connected to my email server. Then I wrote five lines of PHP code that can send thousands of requests per second to my online form. Since each request gives a brand new “fake” email address, there is no way for the web service provider to detect and match the emails to stop them. Therefore, all the requests are registered successfully on my server. Here is the screenshot of the non-delivery report with the fake email address in it.
After running the script for only 2 seconds, I received more than 2000 bounce emails in my mailbox, and every second my inbox was going up by more than 1000 bounce messages! In less than 5 seconds my mailbox was also over 3700 bounced non-delivery reports!! It was a real catastrophe! With this attack, there is no way to stop it, since the bounced SMTP requests are coming from the email server.
It took me a lot of time to delete these bounce-back errors from my inbox, and I was lucky I had not connected my mailbox to my CRM; otherwise, my entire CRM would have been blocked! This low-cost cyber-attack can damage any organisation or website owner financially and reputationally, since there is no way to stop this attack.
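The bounce flood described above is visible in the mail server's delivery log, where each failed confirmation appears as a `status=bounced` line for a never-before-seen recipient. The following is an added example, not code from this article or from CyberSiara, that counts bounces per minute and flags minutes where they dominate outgoing mail. It assumes a Postfix-style log; the sample lines, the function name `flag_bounce_floods` and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed, simplified sample in Postfix delivery-log style. Assumption: the
# mail server is Postfix (the article names none); hosts and addresses are made up.
SAMPLE_LOG = """\
Oct  8 10:00:05 mail postfix/smtp[2101]: 4A1B2C: to=<alice@example.org>, relay=mx.example.org[192.0.2.10]:25, dsn=2.0.0, status=sent (250 OK)
Oct  8 10:00:41 mail postfix/smtp[2102]: 4A1B2D: to=<bob@example.net>, relay=mx.example.net[192.0.2.20]:25, dsn=2.0.0, status=sent (250 OK)
Oct  8 10:00:52 mail postfix/smtp[2103]: 4A1B2E: to=<carol@example.com>, relay=none, dsn=5.4.4, status=bounced (Host not found)
Oct  8 10:01:01 mail postfix/smtp[2104]: 4A1B2F: to=<q7f1@nx1.invalid>, relay=none, dsn=5.4.4, status=bounced (Host not found)
Oct  8 10:01:01 mail postfix/smtp[2105]: 4A1B30: to=<z9k2@nx2.invalid>, relay=none, dsn=5.4.4, status=bounced (Host not found)
Oct  8 10:01:02 mail postfix/smtp[2106]: 4A1B31: to=<m3p8@nx3.invalid>, relay=none, dsn=5.4.4, status=bounced (Host not found)
Oct  8 10:01:02 mail postfix/smtp[2107]: 4A1B32: to=<t5w0@nx4.invalid>, relay=none, dsn=5.4.4, status=bounced (Host not found)
Oct  8 10:01:03 mail postfix/smtp[2108]: 4A1B33: to=<dave@example.org>, relay=mx.example.org[192.0.2.10]:25, dsn=2.0.0, status=sent (250 OK)
"""

# Captures the timestamp truncated to the minute, the recipient and the status.
LINE_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+ \d{2}:\d{2}):\d{2} \S+ postfix/smtp\[\d+\]: "
    r"\w+: to=<(?P<rcpt>[^>]*)>.*\bstatus=(?P<status>\w+)"
)


def flag_bounce_floods(log_text, min_bounces=3, max_ratio=0.5):
    """Return (minute, bounced, total, distinct_bounced_rcpts) for suspect minutes."""
    per_minute = defaultdict(lambda: {"total": 0, "bounced": 0, "rcpts": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a delivery-status line
        bucket = per_minute[m["minute"]]
        bucket["total"] += 1
        if m["status"] == "bounced":
            bucket["bounced"] += 1
            bucket["rcpts"].add(m["rcpt"].lower())
    alerts = []
    for minute, b in per_minute.items():
        # Require both an absolute count and a ratio so one typo'd address is ignored.
        if b["bounced"] >= min_bounces and b["bounced"] / b["total"] > max_ratio:
            alerts.append((minute, b["bounced"], b["total"], len(b["rcpts"])))
    return alerts


if __name__ == "__main__":
    for alert in flag_bounce_floods(SAMPLE_LOG):
        print("bounce flood: minute=%s bounced=%d total=%d distinct_rcpts=%d" % alert)
```

A distinct-recipient count equal to the bounce count matches the pattern in the demo, where every request carries a brand new fake address.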
Here is how a conventional client-server communication system works. As you can see, there is direct communication between the client and the server. The problem with this type of communication is that the server has to respond to every single request the client makes. Whether the request is legitimate or fake, as in my case, the server will respond. This, of course, costs the website owner and the organization significantly. In the worst-case scenario, it can cause a denial of service (DoS) or distributed denial of service (DDoS).
We at CyberSiara offer a complete solution to the spam problem, thanks to our novel 3D token verification, which will stop bounced-spam cyber-attacks 100%. With the SiaraShield plugin installed on your website, your online form will first get authorization from the CyberSiara server, and only if the authentication passes will the request be passed to your server. The SiaraShield™ 3D authentication mechanism filters traffic and passes only the good, legitimate traffic from real users to your server.