Director’s Blog
Spam “backscatter”

May 19, 2008

Spam “backscatter”

Filed under: tech — Tom Holub @ 5:28 pm

In the past few weeks on campus, many users and mailing lists have been affected by a spam-related phenomenon known as “backscatter.”  Backscatter occurs when a spammer sends out a bunch of mail with a forged, but legitimate “From” address.  When they do this, servers which reject the mail often bounce the message back to the sender listed in the “From” field.  The result is that a person or mailing list which really had nothing to do with sending out the spam can get dozens or hundreds of bounce messages related to it.

The tactic is used primarily because mail with a legitimate From address is more likely to get through spam filters.  In general, the spammers are not targeting any individual or institution; they’re just doing whatever they can to improve their chances of having their messages delivered.

Users who are victimized by large amounts of backscatter often worry that their computer was broken into, or that they  have a virus.  Generally, backscatter does not indicate any problems with your own computer or mail server.  There have been some cases where a virus sent out messages designed to look like backscatter, with the virus payload as an attachment to the message, but even these cases were not a problem for users unless they clicked on the attachment.

As with most spam issues, backscatter is a pernicious problem.  When we send out a legitimate email that doesn’t get through, we want to get a bounce message that informs us of the problem, so we can resend or readdress the message.  It’s quite difficult for mail servers to tell the difference between a legitimate and an illegitimate message, so as long as mail servers are configured to deliver bounce messages, and as long as spammers are still spamming, backscatter will continue to occur.  We are looking at moving more of our mail services to the CalMail domain hosting environment; CalMail has better spam protection than we can easily implement at the departmental level, including better protection against backscatter.  Unfortunately, there is no magic bullet; CalMail users also experience spam and backscatter problems, though generally with less frequency than our other mail server users.

For now, our best weapon in the spam wars  remains the same; take a deep breath, let it go, and hit the delete key.

No Comments »

No comments yet.

RSS feed for comments on this post.

Leave a comment

Comments are moderated - if this is your first comment, it will not appear until it has been approved by a site editor.

Posts and comments on this blog are the opinions of their authors, and do not necessarily represent the opinions of LSCR, the College of Letters & Science, or the University.