In August 2009, PandaLabs recorded a 2000 percent increase in the number of different NDR spam messages in circulation, compared to the number of samples detected between January and June this year. Twenty percent of global spam monitored by Panda Security uses this technique.
An NDR (non-delivery report) is an email automatically sent by mail systems to advise senders of problems delivering their messages.
These messages are usually legitimate, but this mail server function is being exploited by spammers to distribute spam, using the sender’s real name. The spam content is usually sent as an attachment to the fake non-delivery notice. Although in most cases users have not sent the supposedly undelivered email, they still become curious and open it.
According to Luis Corrons, technical director of PandaLabs, “there is presently no consensus on whether NDRs are a technique to evade anti-spam filters or a collateral effect of dictionary attacks; either way, this technique is now among the most widely used. These waves of spam are usually generated through botnets (infected PCs controlled by attackers to launch spam, etc.). Since most NDRs are legitimate emails and part of the mail server functionality, many traditional anti-spam techniques did not detect or block them up until now”.