How to put a stop to backscatter

First things first: what is backscatter? Backscatter messages are non-delivery notices sent to you without your request. These messages are usually directly related to spam issues. Examples of backscatter include “out of office” messages, bounced or rejected email notifications, messages from virus scanners, and challenge and response requests from anti-spam software, all originating from addresses you never even sent a message to.

How does it get to your inbox? These aren’t just unexplainable mistakes. Backscatter normally happens when someone uses your email address or domain in the “From:” field of an email. Spammers are notorious for doing this because most mail systems will not deliver mail whose “From:” address or domain does not exist. Depending on how much spam the spammer sends out, you could be receiving hundreds to thousands of NDR (non-delivery receipt) messages.
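Added example (not from the original post): one way to recognize the NDR and auto-reply types described above on the receiving side, by checking whether the mail a notice answers was ever sent by your own server. The sample messages, the addresses, and the `issued_ids` set of Message-IDs logged by your outbound server are constructed assumptions.

```python
import email
from email import policy

# Constructed samples: an NDR ({mid} = Message-ID of the bounced mail) and an auto-reply.
NDR = """\
From: MAILER-DAEMON@mx.example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.net
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

From: alice@example.com
Message-ID: {mid}

--b1--
"""
OOO = ("From: bob@example.org\nTo: alice@example.com\nAuto-Submitted: auto-replied\n"
       "In-Reply-To: <spam-777@forged.invalid>\n\nI am away until Monday.\n")

def original_message_id(msg):
    """Message-ID of the mail this notice answers (returned copy, else In-Reply-To)."""
    found = msg["In-Reply-To"]  # auto-replies point back this way (RFC 3834)
    for part in msg.walk():
        if part.get_content_type() in ("message/rfc822", "text/rfc822-headers"):
            inner = (part.get_payload(0) if part.is_multipart()
                     else email.message_from_string(part.get_content()))
            found = inner["Message-ID"]
            break
    return str(found).strip() if found else None

def classify(raw, issued_ids):
    """Return (kind, verdict, original Message-ID) for one inbound message."""
    msg = email.message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type") == "delivery-status"):
        kind = "ndr"
    elif str(msg.get("Auto-Submitted", "no")).split(";")[0].strip().lower() != "no":
        kind = "auto-reply"
    else:
        return ("other", "n/a", None)
    # issued_ids: Message-IDs our own outbound server logged (assumed available).
    orig = original_message_id(msg)
    return (kind, "legitimate" if orig in issued_ids else "backscatter", orig)
```

A notice whose original Message-ID cannot be found is treated as backscatter, since nothing ties it to mail you sent.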

From the Exchange system administrator's point of view: how do I stop backscatter from congesting my Exchange server? Here is a solution that I use on my Exchange 2003 server.

  1. Open the “System Manager” on the Exchange server.
  2. Expand the “Global Settings” selection and click on “Internet Message Formats”.
  3. Right click on the “Default” object and select “Properties”.
  4. Click on the “Advanced” tab and clear the box for “Allow non-delivery reports” and click “OK”.

You can also specify an address to send NDR messages to. I would recommend setting up a postmaster mailbox or alias to collect these messages. The instructions for specifying the address to receive the NDRs are outlined below.

  1. In the “System Manager” expand the “Servers” selection.
  2. Expand <your.server> and also expand the “Protocols” selection.
  3. Expand the “SMTP” selection and right click on the “Default SMTP Virtual Server” object and click on “Properties”.
  4. Once in the “Properties” window, click on the “Messages” tab and add the address into the “Send copy of non-delivery report to” field.
  5. Once you have completed this, you will need to restart the MS Exchange Routing Engine as well as the SMTP services.

This is one way to stop backscatter. This solution will only block the NDR type messages. There may be other solutions that would stop the other types of backscatter you may receive, but I feel the NDR type responses are the most common. For those of you running other email servers like qmail, Postfix, or Sendmail, there are fixes available out there for you too, and we will address some of those in the next post.