We've observed an end to the previous NDR storm, but continue to see some spammers falsifying the "From" address of their spam messages, resulting in some users receiving numbers of bounce messages for messages they didn't send.

What is an NDR?

A non-delivery receipt (NDR) is a message that a mail server sends to notify the sender when a problem occurs with delivery.

For example, if you type a recipient's address incorrectly, the receiving server might send you a message that looks similar to this: 

Undelivered Mail Returned to Sender  
Your message did not reach some or all of the intended recipients.
Subject: Report update The following recipient(s) could not be reached: webmmaster@yourcompany.com on 05/15/2008 08:09 PM
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address. 

Types of normal NDR messages include:
 

• User unknown: The recipient's address doesn't exist on the receiving server, and the message is bounced
• Server resources are unavailable; for example, the recipient's mailbox is full
• Auto-reply vacation or out-of-office messages
• Auto-reply list server or mailing list responses 

NDR spam: Why am I receiving an NDR for a message I didn’t send?

NDRs are a normal part of email exchanges, but spammers' activities can cause spikes in NDR activity. Spammers send junk messages to thousands of email addresses, some of which exist and some of which do not. To give the appearance that their messages are legitimate, spammers use a practice called "spoofing," whereby they manipulate the "From" address to use a real domain or sender.
 
When a spammer sends email to an invalid address, the receiving mail server sends an NDR message to the "From" address, rather than to the actual sending server. Because spammers spoof common addresses, such as sales or info of well-known companies, these NDRs may be destined for your mail server.



The good news is that your message security service recognizes the spam content in an NDR, and blocks large numbers of these messages so they never reach your mail server.

We have implemented secure encryption for all backups and restores. These tape backups can only be restored from the DPM install in our secure cage at the Network access point.

The SSL certificate is generated from our Certificate authority only for the DPM server in question. It is installed for both backups and restores. This certificate is only issued for authentication purposes and uses a SHA1 RSA signing algorithm. The public key is an RSA 1024 bit encryption standard and the encryption itself is a SHA1 hash algorithm. Details on the features of DPM as well as a brief summary on the encryption of tape backups can be found here:

http://technet.microsoft.com/en-us/dpm/bb798076.aspx
http://technet.microsoft.com/en-us/magazine/cc137717(TechNet.10).aspx

When choosing the name for your domain, always remember that:

• You can't use stressed vowels (such as à, é, ò, etc.)
• You can't use symbols (such as ' + . , | ! " £ $ % & / ( ) = ? ^ * ç ° § ; : _ > ] [ @ )
• The name's length must range between 3 and 63 characters (excluding the extension)
• The name can neither start nor end with the character "-", although the character "-" is allowed inside the name. 

So, to name your domain you can use any letter, numbers between 0 and 9, and the symbol "-". Length may vary, from 3 to 63 types. For domain names registered under the geographical structure, the limit is between 1 and 63 types.

Following is the summary of recent email threats and trends.

Anti-Bot-net Protection: Our recently introduced advanced bot-net protection continues to perform well against the growing number of bot-net attacks. We've observed that bot-net generated spam now comprises over 20% of the spam traffic, and on April 14, a single powerful attack accounted for 46% of all spam volume.

This graph shows the actual bot-net activity patterns. Spammers try to take advantage of the reactive nature of most spam protections by attacking with maximum volume when defenses are low.

Advanced Anti-virus Heuristics: In January, we completed the release of advanced anti-virus heuristics that specifically targeted zero-hour attacks (the period of vulnerability between a new virus in the wild and release of the anti-virus signature file). If the bot-net protection identifies a suspicious message, the anti-virus heuristics also scan the message for zero-hour viruses.

We've observed a number of attacks in which the anti-virus heuristics successfully identified viruses. For example, the anti-virus heuristics identified a viral message pattern -- later identified as a new strain of the Spy Agent Downloader ( http://vil.nai.com/vil/content/v_141846.htm ) -- in the wild at 11:12 AM GMT. At 2:50 PM GMT, when the volumes had grown dramatically, we received the new virus signature file from one of the anti-virus engines. 

Filter Updates: We continue to update filters to combat spammers’ tactics. Attacks blocked include new variations of pharmaceutical and automotive scams, penny stock ploys (ZYTO Corp), and numerous phishing attacks.

Spam Traffic Trends: Spam levels continue to remain high, and April 23rd brought a record level of spam for the year, with the 194 spam messages per user per day. With such high spam volume, organizations with in-house solutions require equally high capacity to handle the load. Since spikes in spam can happen overnight, we must carry precautionary -- but generally unused—capacity to avoid a meltdown.

An often endless battle for us is the battle against SPAM. We spend a great deal of effort and resources fighting spammers and educating our users on various tools and techniques used in the war. One common method for spammers to add new email addresses is the use of special software known as mail "harvesting bots" or "harvesters", which spider web pages to obtain e-mail addresses. If your web site contains an email address that is readable by a machine in the form of <username> at <domain> then your mail address is easily picked up by email harvest software. This includes email addreses that may be embedded in hidden fields in your forms.

One such method of fixing this problem is to obfuscate your email address and "mailto:" tag with encoded HTML characters. For example, this address, support@ihwy.com, works like you would expect a normal email address to work but is actually obfuscated and hidden SPAM Harvesters.

You can access this tool by going to: http://www.ihwy.com/Tools/Email-Obfuscation-Tool.aspx

Tinkering with Expression Engine for a few moments, it instantly received a "wow." Clever, adaptable, accommodating, Expression Engine has qualities of a good friend, a good program, while being a fantastic site-structuring application. It has a general versatility within the administrative interface as well as designing capabilities. Written, coded, and constructed with a type of genius resourcefulness, it easily stands with other frontrunners of web-based site design and construction.

Expression Engine does have peers. Like any web-based site builder, the limitations are not absent. The mixture of dynamics are often hindered by the nature of web-based platforms; so, what attracts a designer to one web-application over another is its functionality. Two noticeable characteristics of this application are simplicity and diversity.

One can easily paste a line of code within the builder interface, click on or off widgets, and scoot over to admin options without having to get a search and rescue team to locate necessary links. Often tenuous is the task of giving permissions or enabling widgets but in the interface of ExpressionEngine is the exciting and rare ability to know where to find the things you need.

What one may produce using Expression Engine are operational, smooth, content complimentary sites, which visitors, and their browsers, navigate with facility and ease. A site's flare and zest, style and pizzazz are in the fingertips of who ever brandishes this mighty application.