Backscatter
Backscatter is the set of incorrectly automated bounce messages sent by mail servers, typically as a side effect of incoming spam.
Solution
- Implement anti-forgery checks: SPF, DKIM and DMARC
- Implement recipient checks before accepting e-mail
- If the above is not possible, disable non-delivery reports (NDRs)
Examples
Single test
nc 10.10.10.10 25
EHLO example.com
MAIL FROM:<victim@example.com>
RCPT TO:<notexistingmailbox@target.com>
DATA
backscatter testdata
.
Automated test
Create a file with this content (backscatter.txt)
EHLO example.com
MAIL FROM:<victim@example.com>
RCPT TO:<notexistingmailbox@target.com>
DATA
backscatter testdata
.

#!/bin/sh
# Replay backscatter.txt to the server, one line per second, in a loop.
while true
do
    while read -r L; do sleep 1; echo "$L"; done < backscatter.txt | nc -w 3 -C -v "<target-ip>" 25
done
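
The server's replies to the single test show whether the recipient check from the Solution list is in place. The following added example (not part of the original page) parses a saved transcript of those replies and classifies the outcome; the transcripts, the host name mx.target.example and the function names are constructed for illustration.

```python
import re

# Replies arrive in the order of the commands sent in the single test.
STAGES = ["banner", "EHLO", "MAIL FROM", "RCPT TO", "DATA", "end-of-data"]
REPLY = re.compile(r"^(\d{3})(?:(-)| |$)(.*)$")

def parse_replies(transcript):
    """Group server lines into replies: 'NNN-' continues, 'NNN ' ends a reply."""
    replies, text = [], []
    for line in transcript.splitlines():
        m = REPLY.match(line.strip())
        if not m:
            continue  # nc -v chatter or echoed commands, not a server reply
        code, cont, rest = m.groups()
        text.append(rest)
        if cont is None:
            replies.append((int(code), " ".join(text)))
            text = []
    return replies

def assess(transcript):
    """Classify how the server handled the unknown recipient."""
    replies = dict(zip(STAGES, parse_replies(transcript)))
    rcpt, final = replies.get("RCPT TO"), replies.get("end-of-data")
    if rcpt is None:
        return "inconclusive: no reply to RCPT TO"
    if 500 <= rcpt[0] < 600:
        return "ok: unknown recipient rejected during the SMTP session"
    if 400 <= rcpt[0] < 500:
        return "inconclusive: temporary failure at RCPT TO"
    if final and 200 <= final[0] < 300:
        return "at risk: message queued; check whether an NDR goes to MAIL FROM"
    return "inconclusive: recipient accepted but message not queued"

# Constructed transcripts (not captured from a real server).
REJECTS = """220 mx.target.example ESMTP
250-mx.target.example
250 8BITMIME
250 2.1.0 Ok
550 5.1.1 User unknown
554 5.5.1 No valid recipients"""

ACCEPTS = """220 mx.target.example ESMTP
250-mx.target.example
250 8BITMIME
250 2.1.0 Ok
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
250 2.0.0 Ok: queued"""
```

An "at risk" verdict only means the message was accepted after the session; whether a bounce is actually generated still has to be confirmed at the MAIL FROM mailbox or in the server's logs.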