22:
250:. A receiving server can initially accept the full message, but then determine that it is spam or virus, and then delete it automatically, sometimes by rewriting the final recipient to "/dev/null" or similar. This behavior can be used when the "spam score" of an email is seriously high or the mail contains a virus.
225:
mail, recipient mail servers receiving these forged messages have no simple or standard way to determine the authenticity of the sender. If they accept the email during the connection phases and then, after further checking, refuse it (e.g., software determines the message is likely spam), they will
184:
is configured to relay a message to an after-queue processing step, for example, an antivirus scan or spam check, which then fails, and at the time the antivirus scan or spam check is done, the client already has disconnected. In those cases, it is normally not possible to reject the
148:
Recipients of such messages see them as a form of unsolicited bulk email or spam, because they were not solicited by the recipients. They are substantially similar to each other, and are delivered in bulk quantities. Systems that generate email backscatter may be listed on various
197:
connection stage; and for other cases, sending bounce messages only to addresses which can be reliably judged not to have been forged, and in those cases the sender cannot be verified, thus ignoring the message (i.e., dropping it).
388:
While preventing backscatter is desirable, it is also possible to reduce its impact by filtering for it, and many spam filtering systems now include the option to attempt to detect and reject backscatter email as spam.
189:
transaction, since a client would time out while waiting for the antivirus scan or spam check to finish. The best thing to do in this case, is to silently drop the message, rather than risk creating backscatter.
258:
says: "silent dropping of messages should be considered only in those cases where there is very high confidence that the messages are seriously fraudulent or otherwise inappropriate."
206:
Authors of spam and viruses wish to make their messages appear to originate from a legitimate source to fool recipients into opening the message, so they often use
603:
274:. A receiving server can initially accept the full message, but then determine that it is spam or to a non-existent recipient, and generate a
282:
Backscatter occurs when the "bounce" method is used, and the sender information on the incoming email was that of an unrelated third party.
294:
and spam messages helps reduce backscatter, but other common approaches, such as those in this section, also reduce the same problem.
645:
86:
717:
58:
449:
268:
it - delivering to "Junk" or "Spam" folders from where it will eventually be deleted automatically. This is common behavior.
226:
use the (potentially forged) sender's address to attempt a good-faith effort to report the problem to the apparent sender.
39:
434:
2007 Third
International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007
380:
Mail servers sending email bounce messages can use a range of measures to judge whether a return address has been forged.
65:
193:
Measures to reduce the problem include avoiding the need for a bounce message by doing most rejections at the initial
105:
72:
476:
43:
54:
742:
661:
393:
346:
612:
515:
430:"Proceedings of the third international conference on security and privacy in communication networks"
154:
549:
264:. A receiving server can initially accept the full message, but then determine that it is spam, and
464:
Alternatively, if the MTA is relaying the message, it should only send such an NDN to a plausible
502:
332:
32:
369:
306:
connection, mailservers can do a range of checks, and often reject email with a 5xx error code
181:
173:
79:
533:
490:
8:
365:
358:
314:
470:
396:"tag" their outgoing email in a way that allows them to reliably detect incoming bogus
583:
737:
655:
445:
229:
Mail servers can handle undeliverable messages in four fundamentally different ways:
681:
669:
480:
437:
251:
158:
693:
631:
429:
310:. Rejecting a message at the connection-stage in this way will usually cause the
169:
673:
493:
441:
255:
397:
318:
275:
236:. A receiving server can reject the incoming email during the connection stage
177:
138:
731:
291:
215:
165:
240:. If a message is rejected at connect time with a 5xx error code, then the
207:
172:
addresses. Instead of simply rejecting a spam message, a misconfigured
142:
368:(MTAs) which forward mail can avoid generating backscatter by using a
485:
340:
278:
back to the supposed sender indicating that message delivery failed.
21:
321:
or Non-Delivery
Notification (NDN) to a local, authenticated user.
707:
699:
409:
584:"The "Virus Bounce Ruleset" is a SpamAssassin ruleset to catch
211:
676:: Recommendations for Automatic Responses to Electronic Mail.
352:
150:
141:
sent by mail servers, typically as a side effect of incoming
568:
Marsono, MN (2007), "Rejecting Spam during SMTP Sessions",
336:
303:
222:
194:
186:
244:
server can report the problem to the real sender cleanly.
180:
to such a forged address. This normally happens when a
570:
Proc. Communications, Computers and Signal
Processing
46:. Unsourced material may be challenged and removed.
517:The Hidden Power of Sender and Recipient Filtering
719:100 E-mail Bouncebacks? You've Been Backscattered
729:
218:, and web pages for legitimate email addresses.
605:Mail DDoS Attacks through Non Delivery Messages
375:
297:
392:In addition, systems using schemes such as
308:while the sending server is still connected
238:while the sending server is still connected
650:, archived from the original on 2008-04-05
484:
106:Learn how and when to remove this message
383:
567:
468:
465:
285:
730:
572:, Pacific Rim: IEEE, pp. 236–39
168:and spam messages often forge their
44:adding citations to reliable sources
15:
532:"Configuring Recipient Filtering",
347:forward-confirmed reverse DNS entry
331:Failed anti-forgery checks such as
13:
14:
754:
596:
713:: why you shouldn't bounce spam.
692:"Why are auto responders bad?",
611:, Techzoom, 2004, archived from
550:"Recipient address verification"
498:as indicated in the reverse-path
20:
680:"Moronic Mail Autoresponders",
324:Reasons for rejection include:
31:needs additional citations for
577:
561:
542:
525:
508:
458:
422:
1:
472:Simple Mail Transfer Protocol
415:
394:Bounce Address Tag Validation
7:
554:Address verification readme
442:10.1109/seccom.2007.4550292
403:
345:Servers that do not have a
328:Failed recipient validation
164:Backscatter occurs because
153:and may be in violation of
137:) is incorrectly automated
10:
759:
436:. IEEE. 2007. pp. i.
376:Checking bounce recipients
298:Connection-stage rejection
155:internet service providers
660:: CS1 maint: unfit URL (
469:Klensin, J (April 2001),
357:Temporary rejection via
201:
55:"Backscatter" email
290:Every step to control
370:transparent SMTP proxy
384:Filtering backscatter
221:Due to the design of
208:web-crawling software
743:Email authentication
366:Mail transfer agents
317:to generate a local
286:Reducing the problem
40:improve this article
302:During the initial
127:misdirected bounces
709:Don't bounce spam
520:, MS Exchange.org
505:check has passed.
451:978-1-4244-0974-7
116:
115:
108:
90:
750:
723:
712:
702:
687:
665:
659:
651:
639:
638:
625:
624:
623:
617:
610:
590:
581:
575:
573:
565:
559:
557:
546:
540:
539:
529:
523:
521:
512:
506:
500:
488:
486:10.17487/RFC2821
467:
462:
456:
455:
426:
159:Terms of Service
151:email blacklists
111:
104:
100:
97:
91:
89:
48:
24:
16:
758:
757:
753:
752:
751:
749:
748:
747:
728:
727:
716:
706:
691:
683:A FAQ From Hell
679:
653:
652:
644:"Backscatter",
643:
636:
630:"Backscatter",
629:
621:
619:
615:
608:
602:
599:
594:
593:
582:
578:
566:
562:
548:
547:
543:
531:
530:
526:
514:
513:
509:
463:
459:
452:
428:
427:
423:
418:
406:
398:bounce messages
386:
378:
300:
288:
204:
139:bounce messages
135:collateral spam
121:(also known as
112:
101:
95:
92:
49:
47:
37:
25:
12:
11:
5:
756:
746:
745:
740:
726:
725:
714:
704:
689:
677:
667:
641:
627:
598:
597:External links
595:
592:
591:
576:
560:
541:
524:
507:
501:e.g. where an
479:, p. 25,
457:
450:
420:
419:
417:
414:
413:
412:
405:
402:
385:
382:
377:
374:
363:
362:
355:
349:
343:
329:
319:bounce message
299:
296:
287:
284:
280:
279:
276:bounce message
269:
259:
245:
216:message boards
203:
200:
178:bounce message
114:
113:
28:
26:
19:
9:
6:
4:
3:
2:
755:
744:
741:
739:
736:
735:
733:
721:
720:
715:
711:
710:
705:
701:
697:
696:
690:
685:
684:
678:
675:
671:
668:
663:
657:
649:
648:
642:
635:
634:
628:
618:on 2013-01-16
614:
607:
606:
601:
600:
589:
587:
580:
571:
564:
556:, Postfix.org
555:
551:
545:
537:
536:
528:
519:
518:
511:
504:
499:
495:
492:
487:
482:
478:
474:
473:
461:
453:
447:
443:
439:
435:
431:
425:
421:
411:
408:
407:
401:
399:
395:
390:
381:
373:
371:
367:
360:
356:
354:
350:
348:
344:
342:
338:
334:
330:
327:
326:
325:
322:
320:
316:
313:
309:
305:
295:
293:
283:
277:
273:
270:
267:
263:
260:
257:
253:
249:
246:
243:
239:
235:
232:
231:
230:
227:
224:
219:
217:
213:
209:
199:
196:
191:
188:
183:
179:
175:
171:
167:
162:
160:
156:
152:
146:
144:
140:
136:
132:
128:
124:
120:
110:
107:
99:
88:
85:
81:
78:
74:
71:
67:
64:
60:
57: –
56:
52:
51:Find sources:
45:
41:
35:
34:
29:This article
27:
23:
18:
17:
718:
708:
694:
682:
646:
632:
620:, retrieved
613:the original
604:
585:
579:
569:
563:
553:
544:
534:
527:
516:
510:
497:
471:
460:
433:
424:
391:
387:
379:
364:
323:
311:
307:
301:
289:
281:
271:
265:
261:
247:
241:
237:
233:
228:
220:
205:
192:
163:
147:
134:
130:
126:
122:
118:
117:
102:
96:October 2022
93:
83:
76:
69:
62:
50:
38:Please help
33:verification
30:
586:backscatter
538:, Microsoft
359:greylisting
353:block lists
351:Senders on
182:mail server
174:mail server
119:Backscatter
732:Categories
722:, PC World
622:2008-04-11
466:originator
416:References
266:quarantine
262:Quarantine
214:postings,
123:outscatter
66:newspapers
686:, FI: Iki
647:SpamLinks
341:Sender ID
738:Spamming
656:citation
637:(readme)
404:See also
210:to scan
176:sends a
131:blowback
700:SpamCop
633:Postfix
616:(paper)
535:Technet
410:Joe job
361:methods
312:sending
242:sending
80:scholar
672:
448:
272:Bounce
254:
234:Reject
212:usenet
170:sender
82:
75:
68:
61:
53:
609:(PDF)
292:worms
202:Cause
166:worms
87:JSTOR
73:books
674:3834
662:link
494:2821
477:IETF
446:ISBN
337:DKIM
304:SMTP
256:5321
248:Drop
223:SMTP
195:SMTP
187:SMTP
143:spam
59:news
695:FAQ
670:RFC
503:SPF
491:RFC
481:doi
438:doi
339:or
333:SPF
315:MTA
252:RFC
133:or
42:by
734::
698:,
658:}}
654:{{
552:,
496:,
489:,
475:,
444:.
432:.
400:.
372:.
335:,
161:.
157:'
145:.
129:,
125:,
724:.
703:.
688:.
666:.
664:)
640:.
626:.
588:"
574:.
558:.
522:.
483::
454:.
440::
109:)
103:(
98:)
94:(
84:·
77:·
70:·
63:·
36:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.