Terry Zink's Cyber Security Blog
Discussing Internet security in (mostly) plain English
backscatter
Tagged Content List
Blog Post:
The Backscatterer.org IP list
tzink
We frequently get questions about the Backscatterer.org IP blocklist. Customers call in and say “Your outbound IPs for the service are on Backscatterer! What are you doing about it?” I thought I’d write a blog post to explain what we do and how the Backscatterer list works. Backscatterer...
on 22 Aug 2012
Blog Post:
Apple Mail and the Bounce feature
tzink
The other day, I was talking with a friend of mine who owns a Mac and how he finds the Bounce feature of Apple mail very useful. "Bounce feature?" I asked. "Is that what I think it is?" I don't use Apple Mail anymore. I do have a Mac but I use it mostly (though not...
on 31 Oct 2008
Blog Post:
The problem of backscatter, part 18 - Wrapping it up
tzink
Backscatter spam is annoying. It's tough to filter because the contents of it can fool content filters and can also fool end users. Indeed, if your content filter could recognize an NDR and ignore the parts that typically occur in NDRs, you could then filter the rest of the message normally and...
on 31 Jul 2008
Blog Post:
The problem of backscatter, part 17 - Limitations of BATV
tzink
While BATV is a good technique, we've seen that there can be some limitations with it when combining it with an SPF policy. What else do we have to consider with BATV? Catch-all addresses or non-deliverable addresses - Some MTAs will look up the recipient in the SMTP conversation. For example...
on 30 Jul 2008
Blog Post:
The problem of backscatter, part 16 - BATV and SPF
tzink
We've seen that BATV is one of the better mechanisms to stop backscatter, the question now is how do we use it? What stuff does it potentially break? Some of the commenters in my other posts have alluded to it when they have said that you can't use BATV unless you have an SPF policy that dictates...
on 28 Jul 2008
Blog Post:
The problem of backscatter, part 15: BATV in a nutshell
tzink
The following is a diagram that I drew that illustrates a summary of how BATV is supposed to work to prevent backscatter. Note the sequence of steps: Bender sends a message and hands it off through the outbound server. The outbound server signs his SMTP MAIL FROM. The recipient email server, mail.planet...
on 24 Jul 2008
Blog Post:
The problem of backscatter, part 14 - Bounce Address Tag Validation
tzink
As we approach the end of my series on backscatter, there is still one more piece of technology that holds real promise to combating backscatter - Bounce Address Tag Validation, or BATV. That sounds a bit like a successor to HDTV... but it's not. BATV is a more secure mechanism of my part 11 post...
on 19 Jul 2008
Blog Post:
The problem of backscatter, part 13 - An idiosyncrasy
tzink
Around the internet world, specifically dealing with email and MTAs, there are people who are familiar with and have expertise with a number of MTAs. Things like Exchange, Postfix, Sendmail, Qmail, Exim, and so forth. I am not one of those people. So, in writing this series I have learned...
on 18 Jul 2008
Blog Post:
The problem of backscatter, part 12 - Don't make the problem worse by contributing to it
tzink
Many of the web sites that discuss backscatter encourage mail administrators to not further contribute to the problem of backscatter. I would be remiss if I did not include a section on it. Don't accept mail, and then bounce. The primary problem of general backscatter is when email servers...
on 16 Jul 2008
Blog Post:
The problem of backscatter, part 11 - Check to see if you sent it in the first place
tzink
Other than content filtering and SPF, there's another way to combat backscatter - check to see if you sent the message in the first place. We have already seen that NDR messages and backscatter contain a notice from the bouncing email server as well as all or part of the original message. ...
on 15 Jul 2008
Blog Post:
The problem of backscatter part 10 - Use SPF
tzink
Using content analysis is one trick you can use to stop backscatter. Another is to use SPF records. SPF records are designed to help combat backscatter on the theory that the recipient mail server will be able to figure out that your server didn't send it. Here's how it works: Bob has his...
on 14 Jul 2008
Blog Post:
The problem of backscatter, part 9 - Block it with content analysis
tzink
We can see how backscatter is a problem, so how do we go about stopping it? What are some of the techniques we can employ to keep it out of our inboxes? One such technique is to block all NDR messages, or at least tag phrases and characteristics that commonly occur in NDR backscatter as inputs...
on 14 Jul 2008
Blog Post:
The problem of backscatter, part 8 - Why is it so hard to stop?
tzink
I came across the following diagram at this site, and it nicely summarizes the issue of backscatter spam: Getting a single piece of backscatter spam is one thing, getting dozens, hundreds or even thousands of them is a major problem. While spammers may be nefarious in attempting to spam indirectly...
on 12 Jul 2008
Blog Post:
The problem of backscatter, part 7 - What is it?
tzink
Having worked our way through how NDRs and DSNs are supposed to work, we can now finally look at what backscatter actually is. Recall the SMTP protocol - when you send a message, you specify the HELO, the MAIL FROM, the RCPT TO, the DATA (email contents including other miscellaneous headers) and the...
on 10 Jul 2008
Blog Post:
The problem of backscatter, part 6 - Who sends the NDRs
tzink
Earlier in my third post, I said that if server A sends a message to server B and server B cannot deliver it, server B sends a message back to server A called an NDR. It's not quite that simple, there are differing cases on who generates the NDR. Let me quote from Wikipedia since they summarize...
on 8 Jul 2008
Blog Post:
The problem of backscatter, part 5 - A bit more on RFC 3464
tzink
Continuing on from my previous post about the format of Delivery Status Notifications, a DSN must be addressed to the return address from the transport envelope which accompanied the original message for which the DSN was generated. (For a message that arrived via SMTP, the envelope return address appears...
on 7 Jul 2008
Blog Post:
The problem of backscatter, part 4 - What the RFC says
tzink
As one of the commenters in my previous post mentioned, RFC 3464 specifies the content-type for Delivery Status Notifications. This isn't a series about the RFC specification so I shall attempt to summarize it as best I can. This post is mostly a repost of the RFC itself and I include it for the sake...
on 7 Jul 2008
Blog Post:
The problem of backscatter, part 3 - Legitimate bounces
tzink
When a mail server accepts a message and later decides that it can't deliver the message, it is required to send back a bounce email to the sender of the original message. There are a few kinds of bounce notifications that a mail server can send: Recipient does not exist Recipient's email inbox is full...
on 30 Jun 2008
Blog Post:
The problem of backscatter, part 2 - The legitimate case
tzink
Before getting into the problem of backscatter, let's look at how the system is supposed to work before spammers ruined it for everyone. Let's say that you want to mail a letter to your friend. You write the letter, put it in an envelope, and write your friend's address in the center of the...
on 30 Jun 2008
Blog Post:
The problem of backscatter, part 1
tzink
As the creator, editor and sole content contributor to this blog, I like to write about topics that are relevant to myself at the present moment. For example, if we are dealing with a breakout of image spam, I will write a few posts about why image spam is difficult to deal with. If we are...
on 26 Jun 2008