Email Backscatter Prevention Feature
Email backscatter refers to auto-generated email replies to an email address who didn’t originally send an email. It occurs when the Return-path, From or Reply-to domains are forged as the sender on spam messages, and the receiving server accepts a message for delivery but determines later that the message cannot be delivered.
You can enable backscatter prevention when using Spambrella from within the ‘Spam’ tab area. At the bottom of the page select the drop menu and enable to ‘yes’.
Authors of spam and viruses wish to make their messages appear to originate from a legitimate source to fool recipients into opening the message, so they often use web-crawling software to scan usenet postings, message boards, and web pages for legitimate email addresses.
Due to the design of SMTP mail, recipient mail servers receiving these forged messages have no simple, standard way to determine the authenticity of the sender. If they accept the email during the connection phases and then, after further checking, refuse it (e.g., software determines the message is likely spam), they will use the (potentially forged) sender’s address to attempt a good-faith effort to report the problem to the apparent sender.
Mail servers can handle undeliverable messages in four fundamentally different ways:
- Reject – A receiving server can reject the incoming email during the connection stage while the sending server is still connected. If a message is rejected at connect time with a 5xx error code, then the sending server can report the problem to the real sender cleanly.
- Drop – A receiving server can initially accept the full message, but then determine that it is spam or virus, and then delete it automatically, sometimes by rewriting the final recipient to “/dev/null” or similar. This behavior can be used when the “spam score” of an email is seriously high or the mail contains a virus. RFC 5321 says: “silent dropping of messages should be considered only in those cases where there is very high confidence that the messages are seriously fraudulent or otherwise inappropriate.”
- Quarantine – A receiving server can initially accept the full message, but then determine that it is spam, and quarantine it – delivering to “Junk” or “Spam” folders from where it will eventually be deleted automatically. This is common behavior.
- Bounce – A receiving server can initially accept the full message, but then determine that it is spam or to a non-existent recipient, and generate a bounce message back to the supposed sender indicating that message delivery failed.
Backscatter occurs when the “bounce” method is used, and the sender information on the incoming email was that of an unrelated third party.