You are here

Backscatter - it does matter

Submitted by Julian Stokes on 18 May, 2013 - 09:13

It seems that it is almost impossible these days to do or say anything that in some way does not cause offence. And, when it comes to running a server attached to the internet there are innumerable new ways in which to breach the code of conduct to which all should adhere if they wish to be good “netizens”.

Let me take you back to 2009...
While checking all was well in my little corner of cyberspace, imagine my horror at discovering that the mailserver was in fact on a blacklist for abhorrent behaviour. Now, years of experience has taught the value of a certain fastidiousness when it comes to making sure that the mailerver is locked down to prevent abuse by spammers and/or scammers. However there it was, in black and white: I was officially a backscatterer!

Backscatter isn’t a particularly nice sounding term. Indeed it conjures up images of unfortunate medical conditions – the least said the better. But, in order to get to grips with it, we need to have some understanding of what it means.

When an email arrives at the mailserver there are two basic options. The server can accept it and take delivery of it for further processing or it can REJECT it there and then, ie refuse to handle it. Having accepted the email, if the server then finds it is unable to deliver it to the appropriate mailbox it can then DROP or BOUNCE the message. DROP means, just that, forget the message ever existed and delete it. Not always a good idea because the sender of the message  will not know it didn’t reach its target.  BOUNCE is much friendlier because the sender is notified of non-delivery.

As we know spammers often send their emails with a forged “From address”. Also they also try their luck by sending emails to a vast combination of names in the hope that some are valid. If the server is set up to accept the email, then check to see if the user exists and if it doesn’t, to BOUNCE the email back, and if the From address is forged then that unfortunate and entirely innocent address is going to be on the receiving end of a lot of spam.

The answer is to set the server to check that recipient address is valid before accepting it. If it is not then to REJECT it, which stops the process then and there. Genuine senders who have made a genuine mistake such as a typo  will be informed that their message could not be delivered. maintains the blacklist. They require money if you wish to be removed from their list (once you have sorted the configuration) or you can opt to wait for a month and let the listing expire if you’d rather not pay.