Spam Backscatter
What is Backscatter? Backscatter refers to the large number of e-mails you receive when a spam message forges your address in the “From” field. You have likely seen them come into your inbox by the dozens: messages that indicate the intended recipient does not exist, where the original message has your e-mail address in the “From” field. You, of course, did not send these messages, so why are they bouncing back to you? The issue is not with you or your hosting provider’s mail server. The issue has to do with the administration of the mail server that the spam message was originally sent to.
Why does it happen? When configuring a mail server, the administrator has many options available. One choice is how to handle inbound e-mails addressed to recipients that do not exist. One option is to accept the message first and then look at who the message is addressed to. Once the message has been accepted and the mail server cannot find the recipient, its only choice is to generate a bounced message and send it to the address in the “From” field. This process causes more work for the server and generates the dreaded backscatter, which adds a great deal of unnecessary data to the Internet.
Another option is to not accept the message until the mail server “knows” that the intended recipient exists. Basically, a request is made to deliver a message to an address. If the intended recipient does not exist, the message is simply denied. The message is not processed and no bounced message is generated. The server just says “no”. This is, by far, the preferred choice, though many server administrators, for some reason, opt for the previous method and, subsequently, generate the backscatter.
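The two options described above, modeled as a toy SMTP dialogue in Python. This is an added example, not code from the original post; the addresses, reply texts and function names (`smtp_session`, `backscatter_from_run`) are assumptions made for illustration.

```python
# Added example: a toy model of the receiving server's SMTP dialogue, not a real MTA.
# All addresses and reply texts below are constructed for illustration.
VALID_RECIPIENTS = {"alice@receiver.example"}
FORGED_SENDER = "you@victim.example"  # address the spammer put in the sender field

def smtp_session(mail_from, rcpt_to, validate_at_rcpt):
    """Simulate one delivery attempt; return (transcript, bounces).

    validate_at_rcpt=False: accept first, look up the recipient afterwards.
    validate_at_rcpt=True:  look up the recipient before accepting anything.
    """
    transcript, bounces = [], []

    def exchange(command, reply):
        transcript.append("C: " + command)
        transcript.append("S: " + reply)

    known = rcpt_to in VALID_RECIPIENTS
    exchange(f"MAIL FROM:<{mail_from}>", "250 Ok")
    if validate_at_rcpt and not known:
        # The server just says "no": no message body is transferred and
        # nothing is queued, so there is nothing to bounce later.
        exchange(f"RCPT TO:<{rcpt_to}>", "550 No such user")
        return transcript, bounces
    exchange(f"RCPT TO:<{rcpt_to}>", "250 Ok")
    exchange("DATA", "354 Send message")
    exchange("<message body>", "250 Ok: queued")
    if not known:
        # Too late to refuse: the server owns the message now, so it mails a
        # bounce to whatever sender address was claimed (here, a forged one).
        bounces.append({"to": mail_from,
                        "subject": "Undeliverable: no such user " + rcpt_to})
    return transcript, bounces

def backscatter_from_run(recipients, validate_at_rcpt):
    """Bounces the forged sender receives from one spam run to this server."""
    received = []
    for rcpt in recipients:
        _, bounces = smtp_session(FORGED_SENDER, rcpt, validate_at_rcpt)
        received.extend(b for b in bounces if b["to"] == FORGED_SENDER)
    return received

# Constructed spam run: one real mailbox, three guessed ones that do not exist.
SPAM_RUN = ["alice@receiver.example", "bob@receiver.example",
            "sales@receiver.example", "info@receiver.example"]

if __name__ == "__main__":
    for policy in (False, True):
        print("validate_at_rcpt =", policy, "->",
              len(backscatter_from_run(SPAM_RUN, policy)), "bounces")
```

With the accept-first policy the forged sender receives one bounce per nonexistent recipient; with recipient validation during the dialogue the refusal goes only to the connecting client and no bounce is created.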
What do we do about it? Now that we know what backscatter is, how do we stop it? Unfortunately, there is no way to stop it cold. Some information on the web indicates that spammers who employ this technique will regularly change the addresses they use to decrease their chances of getting blocked. Of course, there is nothing stopping them from periodically using your address again. There is one technology that can help mitigate the flow of backscatter. It is called SPF and we will discuss this technology in another post. We will say that SPF helps only a little as it requires that both the mail servers and DNS servers (yours and the server generating the bounced message) employ SPF and, currently, SPF is not as widely adopted as it should be. Ask your DNS host if they offer SPF.
Also, if you have a catchall configured for your e-mail address, remove it. The catchall will accept any mail to any recipient at your domain name, so bounces addressed to forged addresses that do not exist at your domain are delivered as well.
Finally, you can try filtering bounced messages with message filters in your e-mail client. This is a little tedious, as there seem to be as many different bounced message reporting formats as there are systems administrators. You also run the risk of legitimate bounced messages being filtered and, as such, you might not see them. Simply set up message rules that filter messages based on common characteristics in the bounced messages’ “From” and “Subject” fields.