What is Backscatter?
Backscatter is the flow of non-delivery reports (NDRs), out of office messages, postmaster or other automated responses sent to our e-mail system in response to spam messages sent by forging your e-mail address as the sender. When the e-mail system receiving the spam finds that it is not deliverable or some other status that it must report, the bounce message will be sent to the apparent sender of the original spam message. These messages can be confusing to users who receive the NDR, since they never sent the original message that triggered the bounce message. Spammers routinely use a randomly selected address as the sender on their e-mails, so backscatter is quite common.
Backscatter, as it relates to email, is spam that contains a forged Sender field, causing the rejected mail to “return” to an innocent person that was not the true source of the spam. Those “non-deliverable mail” notices in your mailbox that were not sent by you in the first place are backscatter from spammers using your email address illegally. Spammers know that most mail servers will not route mail without a valid sender field. Once spam became illegal, spammers stopped using their own addresses and began forging other, valid addresses. Spammers can get valid email addresses using any number of means, including software bots that scan the Web looking for email addresses on Web pages. Spamming software can also generate addresses by assigning common names to established Internet Service Providers (ISPs), and mailing lists are yet another source. Once your email address appears on a spammer’s list, spam will be generated with your address as the sender. Spam that doesn’t make it to a
If you run a mail server you have a responsibility not to send backscatter. Bounces should ideally only be generated by a mail server to a local recipient. Mail servers should not generate bounces to non-local recipients, but should instead reject the mail during the SMTP session, and leave the remote sending server to handle the bounce: if a rejected mail is a legitimate message, the bounce gets generated by the remote sending machine, as expected; if a rejected mail is not a legitimate message, the remote end will probably not generate a bounce, and all is still well.
‘Backscatter’ is the name given to messages generated when a spammer uses your mail address in the ‘From:’ line of their messages. If the spammer’s message can’t be delivered for any reason, the receiving host will send back a bounce or non-delivery report to the address in the ‘From:’ line. Backscatter messages takes several forms: * DSN (Delivery Status Notification) advising that the message cannot be delivered – or that delivery is delayed * Auto-replies – often advising that the mailbox is no longer in use due to spam or that the recipient is on vacation. * Rejections advising that a messages has been caught by a spamblock * Challenge/Response requesting that you confirm you sent the message If a spammer sends a large number of messages, you may receive literally hundreds or thousands of ‘backscatter’ messages. Why do spammers do this? Many mail systems will not deliver mail if the ‘From:’ line in the message references a non-existent domain (or a known spam domain). Spammers try
