Backscatter (email)

Backscatter (also known as outscatter, misdirected bounces, blowback or collateral spam) is incorrect automated bounce messages sent by mail servers, typically as a side effect of incoming spam.

Recipients of such messages see them as a form of unsolicited bulk email or spam since they were not solicited by the recipients, are substantially similar to each other and are delivered in bulk quantities. Systems that generate email backscatter can end up being listed on various DNSBLs and be in violation of internet service providers’ Terms of Service.

Backscatter occurs because worms and spam messages often forge their sender address, and a misconfigured mailserver which has DSN’s enabled, send a bounce message to this address. This normally happens when a mailserver is configured to relay a message to a after-queue processing step, for example a antivirus scan or spam check, which then fails, and at the time the antivirus scan or spam check is done, the client has disconnected for a long time ago. In those cases, its normally not possible to reject at the SMTP stage, since a client would timeout waiting for the antivirus scan or spam check to finish. The best thing to do in this case, is then silently dropping the message, eg piping it to /dev/null.

Measures to reduce the problem include avoiding the need for bounce message by doing most rejections at the initial SMTP connection stage; and for other cases, sending bounce messages only to addresses which can be reliably judged to have not been forged, and in those cases the sender cannot be verified, thus ignoring the message (dropping it).


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s