Resolving backscatter issues

The_Unbeliever

First, what does backscatter mean? (in the context of email)

http://en.wikipedia.org/wiki/Backscatter_(email)

Backscatter (also known as outscatter, misdirected bounces, blowback or collateral spam) is incorrect automated bounce messages sent by mail servers, typically as a side effect of incoming spam.

Recipients of such messages see them as a form of unsolicited bulk email or spam since they were not solicited by the recipients, are substantially similar to each other and are delivered in bulk quantities. Systems that generate email backscatter can end up being listed on various DNSBLs and be in violation of internet service providers' Terms of Service.

Backscatter occurs because worms and spam messages often forge their sender address, and mailservers configured by naive administrators send a bounce message to this address.

Measures to reduce the problem include avoiding the need for bounce messages by doing most rejections at the initial SMTP connection stage; and sending bounce messages only to addresses which can be reliably judged to have not been forged.

Now - how do you minimize backscatter?

On Exchange 2003 it is very simple:

Go to Exchange System Manager, expand Global Settings, right-click on Message Delivery, select Properties, select the "Recipient Filtering" tab, and ensure that there is a tick mark next to "Filter recipients who are not in the Directory". Apply and close.


Taken from MSExchange.org:

The "Filter recipients who are not in the Directory" option, not enabled by default, is the single most overlooked important setting. It allows you to fight dictionary and other SPAM attacks. Spammers send mail to users they hope exist in your domain, sometimes hoping to learn if they exist by reading NDRs generated by Exchange, and sometimes just sending to common names, or running through a dictionary of names.

Let's evaluate such a scenario. A virus hits one of your customers' computers. The virus opens a contact for a user in your domain. It starts sending viruses to users in your domain by using names and the first letter of the alphabet. So, you're now getting a lot of e-mails containing a virus sent to "johna", "johnb", "johnc", etc.

If you filter out recipients that are not in the directory then your antivirus engine does not have to handle all these messages. Instead, it only has to handle messages actually addressed to people in your organization, thus, lowering the CPU and disk space use required by your Antivirus package.

Now, spammers are a crafty lot, and they have started to spoof their emails with other people's addresses. So the spam hits your server, and gets bounced back to somebody else, who gets the spam message in their inbox. Not nice.


I also had backscatter issues, and was able to resolve it by taking the above step.

Linux distros and newer Exchange versions have their own ways and means of dealing with backscatter, just google for it.

And good luck in the fight against spam ;)
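
Added example, not part of the original post and not Exchange's own code: a small Python model of one SMTP transaction, showing why rejecting unknown recipients at the RCPT stage leaves no bounce to send to a forged sender. The directory, addresses and function names are constructed for illustration.

```python
# Added illustration: a toy model of one SMTP transaction, not Exchange code.
from dataclasses import dataclass, field

DIRECTORY = {"john@example.org", "mary@example.org"}  # constructed mailbox list


@dataclass
class Result:
    replies: list = field(default_factory=list)  # (recipient, SMTP reply) per RCPT TO
    queued: list = field(default_factory=list)   # recipients accepted for delivery
    bounces: list = field(default_factory=list)  # (NDR destination, failed recipient)


def receive(mail_from, rcpts, filter_recipients, directory=DIRECTORY):
    """Process one message; return the replies given and any NDRs generated later."""
    res = Result()
    for rcpt in rcpts:
        known = rcpt.lower() in directory
        if filter_recipients and not known:
            # Rejected during the SMTP conversation: the connecting client gets
            # the error, and this server never creates a bounce message.
            res.replies.append((rcpt, "550 5.1.1 User unknown"))
            continue
        res.replies.append((rcpt, "250 2.1.5 OK"))
        res.queued.append(rcpt)
    # After the connection has closed, delivery is attempted. Unknown recipients
    # that were accepted produce an NDR addressed to the envelope sender, which
    # the server cannot verify and which spam usually forges.
    for rcpt in res.queued:
        if rcpt.lower() not in directory:
            res.bounces.append((mail_from, rcpt))
    return res


def demo():
    forged = "victim@elsewhere.example"  # constructed forged envelope sender
    guesses = ["johna@example.org", "johnb@example.org", "john@example.org"]
    return receive(forged, guesses, False), receive(forged, guesses, True)


if __name__ == "__main__":
    unfiltered, filtered = demo()
    print("filter off, NDRs sent to:", unfiltered.bounces)
    print("filter on,  NDRs sent to:", filtered.bounces)
    print("filter on,  replies:", filtered.replies)
```

With the filter off, every guessed address is accepted and the two misses become NDRs to the forged sender; with it on, the same misses are refused in-session and only the real mailbox is queued.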