How to reduce backscatter and spam
This article discusses backscatter, some possible ways to help reduce it, and why there is no easy way to resolve the problem.
What is backscatter?
Backscatter is a side effect of spammers sending forged bulk messages (spam) that appear to originate from valid e-mail addresses. Spammers do this to increase the likelihood of their messages getting through filters and reaching recipients. If spammers use e-mail addresses from your domain in their forged messages, you may receive backscatter.
The following steps outline how backscatter is generated:
- The spammer generates a message that contains a forged sender (FROM) e-mail address. The sender e-mail address is real and valid (for our example, we will use the fictional e-mail address [email protected]).
- The spammer sends the forged message to a recipient e-mail address that is not on the example.com domain.
- The recipient's mail server rejects the message as spam, and sends a bounce notification to the supposed sender (in this case, [email protected]).
- Kelly's inbox at [email protected] now has a bounce notification message (“backscatter”) in it.
This example scenario describes the process for one message, but spammers will usually send many, many messages. This generates a large number of bounce notification messages, all of which in this case go to [email protected].
Because of how the SMTP protocol works, there is unfortunately no one single “fix” that can be done to eliminate all backscatter all of the time.
However, there are a few things you can do to help reduce the likelihood of receiving backscatter:
- Minimize e-mail address collection: Try to avoid posting valid e-mail addresses on your website. There are many bots that crawl web pages searching for e-mail addresses. If your site content does not contain any of your e-mail addresses, it is less likely that spammers can use them as forged sender identities.
- Enable Sender Policy Framework (SPF): Enabling SPF on your domain may help reduce backscatter, though unfortunately many e-mail servers do not actually honor SPF settings. For information about how to configure SPF for your account, please see this article.