Electronic mail (“E-mail”) is currently a popular means of communication between individuals with access to a computer network, such as the Internet. E-mail is convenient and fast, and is relied upon extensively by businesses and home computer users. Unfortunately, some legitimate advertisers, unscrupulous individuals and hackers have resorted to mass mailings of advertisements (“spam”) the e-mail. This spam is sent to computer users using various means whether they have asked for these messages are not, and includes any unsolicited e-mail message in addition to advertisements. Spam is definitely an economic burden on businesses because it clogs computer systems and results in loss of productivity, and is certainly more than a nuisance to the home computer user.
One technique used by these individuals to propagate spam is known as the e-mail “bounce attack.” The bounce attack is now a problem for e-mail security and efforts are under way to prevent it. FIG. 1 illustrates how a prior art bounce attack works.
Shown is an attacker 20 attempting to deliver spam e-mail to an innocent user 30 via server computers 40 and 50 over the Internet. The attacker operates from a server computer hosting domain 22 “A.com” and begins by sending a message 1 from that domain to the domain 42 “B.com.” This first message is sent to a recipient in domain 42 who does not exist, “nonexist@B.com,” and includes a fake sender address, userx@C.com. Of course, user 30 has not sent this message but it is the attacker's intention that user 30 will receive an unsolicited mail message. The mail transfer agent (MTA) 44 receives this first message and attempts to deliver this message 2 to mail server 46. Of course, this delivery will fail since the recipient does not exist, and a message 3 is sent from the mail server back to the MTA 44 indicating that delivery has been rejected since the e-mail account (and user) does not exist.
Because delivery has failed, MTA 44 generates a delivery status notification (DSN) and attempts to send the notification 4 to who it thinks is the original sender, userx@C.com. This message 4 is routed from MTA 44 to the MTA 54 within domain 52, C.com, and is termed the bounce e-mail message. The message is then routed 5 from the MTA to mail server 56 and then delivered 6 to the unsuspecting user 30. If MTA 54 and mail server 56 do not do any kind of screening or checking for spam then user 30 will receive this bounce e-mail spam even though he or she never sent the message in the first place to the nonexistent user at computer 40.
This is one example of how a bounce e-mail attack is implemented. In a real environment, the bounce message may also include an attachment with malicious content such as a computer virus, a phishing attack, etc. A denial of service attack may also be implemented using bounce e-mail messages. A bounce e-mail attack causes problems because: the user receives spam or phishing messages; a denial of service attack may be launched; it is hard to track the original attacker; and unnecessary e-mail storage results if the victim stores all incoming messages.
It would be desirable to find a technique to counter a bounce e-mail attack that addresses the problems in the prior art and that does not have any of the disadvantages associated with other proposed solutions.