|
这种情况并不是你自己给自己发的邮件,更不用担惊受怕自己计算机中招,而是你成为了反向NDR攻击的受害者,
RNDR攻击过程大致如下:
People who send UCE to e-mail recipients have discovered a method to work around the e-mail filters that are built into many e-mail messaging systems. In this scenario, the people who send UCE try to take advantage of the delivery status notification functionality in the e-mail server. In a typical e-mail messaging system, an NDR delivery status notification message is generated when an e-mail message cannot be delivered. Additionally, this NDR message typically contains the content of the undeliverable message. This behavior follows the Request for Comments (RFC) standards. Therefore, most messaging systems behave in this manner.
The person who sends UCE uses this NDR message to deliver UCE. This kind of UCE delivery is known as a reverse NDR attack. This kind of UCE delivery works in the following way:
- Unsolicited commercial e-mail is created by using the destination recipient's e-mail address in the Sender field of that e-mail message.
- A fictitious user name together with your domain name is added as the recipient of this e-mail message.
- This unsolicited commercial e-mail message is sent to your domain.
- Your e-mail server accepts this message because the message is sent to your domain.
- Your e-mail server cannot deliver this message because the recipient does not exist.
- Your e-mail server sends an NDR to the person who appears as the sender of this message. In this scenario, the person who appears as the message sender is the external recipient that receives the NDR from the postmaster account. The person who sends the UCE puts the intended recipient of the UCE in the Sender field of the message. Therefore, the intended recipient receives the NDR from the postmaster account in your e-mail domain.
- The NDR is sent to the external e-mail address from the postmaster address of your domain. This NDR may contain the original UCE message.
- The unsuspecting user might read this NDR together with the UCE message. Therefore, the UCE message has been delivered successfully to the external recipient who is listed in the Sender field of the original e-mail message.
http://support.microsoft.com/default.aspx/kb/909005/en-us/
|
|