How much e-mail could a woodchuck chuck....

By Peter Vogel

Recently, starting around 4:30 p.m. on a Friday afternoon, I became the unwitting, and I assure you, unwilling, victim of a mail spoofing attack.

I first realized an attack was underway about two hours later, when almost 450 unwanted mail returns had arrived in my inbox. Over the next 15 minutes another two or three hundred arrived, so many in fact that I initially lost count.

At the peak of the attack, the rate reached around 50 pieces a minute, more than could be deleted on the fly.

Mail spoofing occurs when a spammer makes use of someone else's e-mail address in the "return" or "from" field. Typically a spammer will use numerous such addresses. In this case the intent of the spam was to hook people caught up in the debt and mortgage crisis in the United States.

Promising to "Legally ELIMINATE your credit card and other unsecured debt," the messages offered a web site link where presumably the victim would be relieved of a credit card number and any necessary PIN or security codes.

In all likelihood the spammer was sending many tens of thousands of messages, perhaps even a few million e-mails, using target addresses that could be purchased or "borrowed." For any case where the recipient address no longer existed or was being blocked by a corporate filter or some type of firewall, I was receiving a non-delivery notification, bounced back to my inbox.

It is these non-delivery reports that constituted the "attack" on my mailbox. In the tech-speak of the industry these reports are frequently called "backscatter" and sometimes "Joe Jobs."

By 7 p.m. I had deleted approximately 800 e-mails. After a short break away from the computer I came back an hour and 10 minutes later to be greeted with a further 1,250 bounce-backs!

By 8:30 p.m. the bulk of the attack appeared to be over. A few tens of pieces were still trickling in every hour, but nothing like the earlier onslaught. It felt oddly comforting to see the occasional piece of "legitimate" spam, rather than the rejected notices from attacks on others!

I don't have an exact tally for the total number of "backscatter" e-mails that I received, but I estimate it to be in excess of 3,000.

I found it strange that neither web site URL mentioned in the spam resolved to a functioning site that night. Instead, both forwarded to a Google home page. Perhaps this was just a test run, with the real onslaught yet to come. I certainly hope not.

This is the third time I've experienced backscatter spam. Each attack has been larger than the one preceding it. All have occurred in the past 12 months. This one appeared to have connections to Shanghai and Beijing; at least a check on the registration information for the two web site URLs showed connections to those cities.

I'll be darned if I'm going to give up my e-mail address. I've had two primary personal addresses in 25 years. The first one, an sfu.ca address, served me very well, from the earliest years of the Internet until I returned from a brief vacation one year to find some 1,200 pieces of junk mail awaiting me.

At that time Simon Fraser's computer support personnel weren't terribly concerned about spam; ultimately the account became unusable. With tremendous reluctance I switched over all activity to my present address.

One of these days I'd like to reclaim that SFU account. I hope the spam issue is treated much more seriously on the hill these days.

* * * * *

Fraser Field, operator of the Catholic Education Resource Centre web site www.catholiceducation.org writes a follow-up note to my earlier column on the Clickfree www.goclickfree.com backup device.

"I've tried to protect myself from serious crashes and computer theft by backing up my data regularly. I've used both an external hard drive and a zip drive for this purpose.

"I've found both of these a pain to use, and consequently have not backed up as often as I should. I took Peter up on his recommendation of the Clickfree solution as soon as he made it. It works for me. There's nothing to do but plug it in and, it seems, I can manage that. Highly recommended."

Product of the week

Revouninstaller is outstanding at one task: removing all traces of a program you want uninstalled. Free. Highly rated on the download.com site by editors and users alike. Thanks to reader Dave Southgate for reminding of this terrific application: www.revouninstaller.com or www.download.com.

Suggestions and comments about this column may be sent to peterv@portal.ca. For additional information: http://twitter.com/petervogel.