Backscatter (e-mail)

From Wikipedia, the free encyclopedia

Backscatter (also known as outscatter, misdirected bounces, blowback or collateral spam) is a side-effect of e-mail spam, viruses and worms, where email servers receiving spam and other mail send bounce messages to an innocent party. This occurs because the original message's envelope sender is forged to contain the e-mail address of the victim. A very large proportion of such e-mail is sent with a forged From: header, matching the envelope sender.

Since these messages were not solicited by the recipients, are substantially similar to each other, and are delivered in bulk quantities, they qualify as unsolicited bulk email or spam. As such, systems that generate e-mail backscatter can end up being listed on various DNSBLs and be in violation of internet service providers' Terms of Service.

Reducing the problem

The root cause of the problem is mail servers accepting email which, after further checking, they reject. A range of techniques can be used by servers to reject during the initial SMTP connection:

MTAs which forward mail can avoid generating backscatter by using a transparent SMTP proxy.

Modern practice is to reject suspicious mails at the border of the receiving network, e.g., for an SPF FAIL, and not to bounce undelivered messages when they have been judged to be spam. This is because since around 2002 the vast majority of spam has come from forged addresses.

Rejecting a message will usually cause the sending MTA to generate a bounce message or Non-Delivery Notification (NDN) to a local, authenticated user. Alternatively, if the MTA is relaying the message, it should only send such an NDN to a plausible originator as indicated in the reverse-path [2], e.g. where an SPF check has passed.

Due to controversial aspects of its design, the stock (unpatched) qmail mailserver is more likely than most to produce such bounces. For instance, qmail's security design prevents it from doing "recipient validation" to reject messages during SMTP transactions[3]. When email addressed to nonexistent recipients cannot be rejected at the SMTP connection, the only alternative is to auto-reply to the sender address, which causes email backscatter if the sender address is valid and forged[4].

Backscatter reaching an innocent third party can be reduced if that party always sends e-mail using schemes such as Bounce Address Tag Validation.
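A simplified sketch of the idea behind Bounce Address Tag Validation, added here as an example and not taken from the article or from any mail server: outgoing mail carries a keyed, expiring tag in its envelope sender, and a bounce addressed to an untagged or wrongly tagged address is refused. The tag layout is modelled on BATV's `prvs=` form; the secret, the lifetime and the function names are assumptions.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"   # assumption: per-domain secret, constructed for this example
KEY_NUM = 0                        # single key slot in this sketch
LIFETIME_DAYS = 7                  # assumption: a tag stays valid for one week

# prvs=KDDDSSSSSS=local@domain  (K key number, DDD expiry day mod 1000, SSSSSS MAC)
TAG_RE = re.compile(r"prvs=(\d)(\d{3})([0-9a-f]{6})=(.+)", re.IGNORECASE | re.ASCII)


def _mac(day: int, address: str, secret: bytes) -> str:
    """First 3 bytes (6 hex chars) of HMAC-SHA1 over key number, day and address."""
    msg = f"{KEY_NUM}{day:03d}{address.lower()}".encode()
    return hmac.new(secret, msg, hashlib.sha1).hexdigest()[:6]


def sign_sender(address: str, today: int, secret: bytes = SECRET) -> str:
    """Tag the envelope sender of outgoing mail. `today` is days since the epoch."""
    expiry = (today + LIFETIME_DAYS) % 1000
    return f"prvs={KEY_NUM}{expiry:03d}{_mac(expiry, address, secret)}={address}"


def check_bounce_rcpt(rcpt: str, today: int, secret: bytes = SECRET):
    """Validate the recipient of a bounce (a message sent with the null sender <>).

    Returns the original address when the tag is genuine and unexpired.
    Returns None otherwise, so the bounce can be refused in the SMTP session.
    """
    m = TAG_RE.fullmatch(rcpt)
    if m is None:
        return None                      # untagged: this domain never sent that mail
    key_num, expiry, mac, address = int(m[1]), int(m[2]), m[3].lower(), m[4]
    if key_num != KEY_NUM:
        return None
    # Days remaining, taken modulo 1000 so the day counter may wrap.
    if (expiry - today) % 1000 > LIFETIME_DAYS:
        return None                      # expired, or dated too far ahead
    if not hmac.compare_digest(mac, _mac(expiry, address, secret)):
        return None                      # forged or altered tag
    return address
```

The check applies only to messages arriving with the null reverse-path; ordinary mail to the untagged address is still accepted.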

The judgement call for what to do with undelivered mail is not simple. Best practice is, wherever possible, to reject the spam at the boundary and be done with it. The alternative is to discard spam that has already been received, and try to report non-delivery only to plausible senders.

References

  1. M.N. Marsono, et al., "Rejecting Spam during SMTP Sessions," Proc. Communications, Computers and Signal Processing, 2007. PacRim 2007. IEEE Pacific Rim Conference on, 2007, pp. 236-239.
  2. J. Klensin, "Simple Mail Transfer Protocol", IETF RFC 2821, page 25
  3. Qmail backscatter spam [LWN.net]
  4. Stopping Backscatter
