Backscatter is auto-generated email replies to an email address who didn't originally send an email. It occurs when the Return-path, From or Reply-to domains are forged as the sender on spam messages, and the receiving server accepts a message for delivery but determines later that the message cannot be delivered. The receiving server then sends a bounce message back to the forged sender address indicating non-delivery.
Backscatter becomes a big problem when a recipient of your bounce message is a spam trap, which places your IP addresses at risk of being listed on a specialized backscatter blocklist or a more general blocklist which uses spam trap data. It may cause extra load on the sending and receiving servers which may put you at risk for throttling at your Internet service provider. If the volume of backscattered email bounces is large enough, it may be perceived as a denial-of-service (DoS) attack resulting in the blocklisting and blocking of your IP address.
Here is an example of backscatter:
- A spammer sends an email to a thousand people with a subject line of Hello and a From address of firstname.lastname@example.org, a forged sending address from a legitimate company called Example Corp.
- One of the recipient addresses is email@example.com, where sampleinc.net is a legitimate domain, but firstname.lastname@example.org is not an active email account.
- If incoming bounces are handled asynchronously, then Sample, Inc. would accept the incoming email first and then send a rejection later. The rejection would be in the form of a new email message, a non-delivery notification sent to the legitimate owner of email@example.com saying that their Hello email was not delivered because the firstname.lastname@example.org email account does not exist.
- Example Corp receives the backscatter and only then becomes aware of the situation because the original email was sent by a spammer and Example Corp's domain was used fraudulently.
If, in a similar scenario, the forged sending email address was a spam trap, Sample, Inc. would send a rejection email to a spam trap. If that spam trap feeds the Backscatterer blocklist or another blocklist, then Sample, Inc's IP address would be blocklisted.
To minimize the risk of sending backscatter, ensure your server is configured to handle bounces of incoming email synchronously, which means that rejections are sent immediately within the Simple Mail Transfer Protocol (SMTP) conversation.