Preventing Backscatter Spam When Using SocketLabs as a Smart Host

What is backscatter spam?

Backscatter spam is misdirected bounce messages sent by mail servers, typically as a side effect of incoming spam.

When an email message cannot be delivered, a bounce message or non-delivery report (NDR) is often generated and sent back to the original sender of the message. When these reports are misdirected or contain the [spam] content of the original email, they become what is called backscatter spam.

What are the most common types of backscatter spam?

1) Misdirected bounces and NDRs from spam messages, usually from mail servers that accept all mail and later return an error message instead of rejecting messages during the SMTP protocol communication process.

2) Misdirected malware and virus email notifications from virus scanners.

3) Misdirected subscription confirmation requests from mailing lists that allow for opt-in via email.

Why is backscatter spam a problem?

When your mail server sends bounces and NDRs in response to spam messages it has received, it can cause delivery problems for your entire outgoing mail stream.

Senders of spam messages often use addresses at the major mailbox providers such as Gmail, Yahoo, Hotmail, and AOL. Those providers then become the recipient domains to which your mail server sends the error notice, often including the original content. This causes the mailbox providers to identify your mail server as a possible malicious source, especially when you include the original content of the message in your bounce or NDR. This may affect your ability to successfully deliver messages to the inbox and could harm the sending reputation of SocketLabs if these messages are transmitted through our service.

There are blacklisting services dedicated to monitoring and listing IP addresses responsible for backscatter spam: [ http://www.backscatterer.org/ ]. Being blacklisted could also have a major effect on your company and its ability to deliver messages.

How do I prevent email spam and stop my servers from sending backscatter?

·    Disable NDRs for non-local users.  See the resources section below for more information.

·    Filter your inbound mail and do not send NDRs for messages detected as possible spam.

·    Do not use a challenge-response inbound anti-spam product.

·    Do not send out-of-office responses or other auto-responders.

SocketLabs On-Demand accounts can also often prevent backscatter by enabling the Deliver From Whitelist feature. Backscatter messages are often created and sent with a null return path value, so enabling the Deliver From Whitelist will prevent messages with null return paths from being injected. For more information on the Deliver From Whitelist, see our KB article here: [ https://support.socketlabs.com/kb/107/ ].
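
The sketch below is an added example, not SocketLabs or Exchange code. It shows the rules above as an inbound policy: refuse undeliverable or spam-flagged mail while the sending server is still connected, and allow an NDR after acceptance only for a local sender with a non-null return path. The domain, mailbox list, spam score scale and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Constructed sample data; the domain, mailboxes and threshold are assumptions.
LOCAL_DOMAINS = {"example.com"}
VALID_MAILBOXES = {"alice@example.com", "bob@example.com"}
SPAM_THRESHOLD = 5.0  # score scale of a hypothetical inbound filter


@dataclass
class Envelope:
    mail_from: str     # envelope sender; "" is the null return path (<>)
    rcpt_to: str       # envelope recipient
    spam_score: float  # verdict from the inbound filter


def domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def smtp_decision(env: Envelope) -> tuple:
    """Reply to give while the sending server is still connected.

    A 5xx here leaves the failure report to the connecting server, so this
    server never has to mail a possibly forged envelope sender.
    """
    rcpt = env.rcpt_to.lower()
    if domain(rcpt) not in LOCAL_DOMAINS:
        return (550, "relaying denied")
    if rcpt not in VALID_MAILBOXES:
        return (550, "no such user")
    if env.spam_score >= SPAM_THRESHOLD:
        return (554, "rejected as spam")
    return (250, "ok")


def may_send_ndr(env: Envelope) -> bool:
    """After a message was accepted and later failed: may an NDR be mailed?"""
    if env.mail_from == "":
        return False  # null return path: never answer a bounce with a bounce
    if env.spam_score >= SPAM_THRESHOLD:
        return False  # no NDRs for messages detected as possible spam
    return domain(env.mail_from) in LOCAL_DOMAINS  # NDRs only to local users


if __name__ == "__main__":
    forged = Envelope("someone@example.net", "nobody@example.com", 0.3)
    print(smtp_decision(forged), may_send_ndr(forged))
```
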

Backscatter Spam Links and Resources

SpamResource.com provides some more information and details on the topic [ http://www.spamresource.com/2007/02/backscatter-what-is-it-how-do-i-stop-it.html ].

Justin Mason also touched on the backscatter spam subject in a blog post [ http://taint.org/tag/backscatter ].

Disabling NDR messages in Exchange 2003 [ http://support.microsoft.com/default.aspx?scid=kb;en-us;886208 ].

Disabling NDR messages in Exchange 2007 [ http://www.allspammedup.com/2009/04/protecting-yourself-and-others-from-backscatter-spam-with-exchange-server-2007/ ].

SpamLinks.net provides hundreds of other links to more information and backscatter prevention tutorials for many other products beyond Exchange Server [ http://spamlinks.net/prevent-secure-backscatter.htm ].

Any other questions, comments, or concerns about backscatter spam or how to prevent email spam can be directed to the SocketLabs Support team: [email protected]
