Mail Viruses Junk Spam Phishing and now Dark?



Okay, I’ve seen a new term come across the horizon in the battle of the email inbox. First there were viruses, then junk mail, which became known as Spam and then Phishing attacks now we’re up to DarkMail. According to scmagazine , an IT security focused publication, the earmarks of darkmail are similar to junkmail but greater in volume. According to the article one domain withstood 10 million messages in one day as the sender went alphabetically through addresses on the domain.


In some cases this is used simply as a Distributed DoS (Denial of Service) attack, but more often now as a way of brute forcing the message through junk filters. With a DDoS it’s possible to filter out the source IP addresses and just drop connections from them. (Most seem to be residential virus laden/trojan infected machines.) However, as the numbers of machines involved grow it becomes frustratingly tedious to block them all. Plus, there’s a bit of know how involved with filtering out offending IP’s. Maybe mail server software should have an automatic “pacing”. In other words if you receive too many connections from the same machine in a limited period of time, block it for a longer period to cool its heels a bit. If it’s a legitimate transaction, most of those would be one or two messages at a time, but if it’s a mailing list it could be more. Even so, a legitimate user wouldn’t mind the delay. As the intensity of incoming messages from a single IP continues perhaps the delay should continue to get longer?

   Send article as PDF   

Similar Posts