Backscatter in Detail

Backscatter has long annoyed me. But I've been even more annoyed at the lack of comprehensive information online explaining exactly what backscatter is, and why it sucks. Without material to reference, it's hard to explain the problem to others. Thankfully, this is starting to change, as more savvy email administrators learn about the problem of backscatter, and share their expertise with the world.

Here's a great example of that. Terry Zink of Microsoft's Exchange Hosted Services has done a very detailed write-up on backscatter: what it is, why it happens, what you can do to prevent it, and more.

Let's start at the end. Terry writes:

  • Don't make the problem worse by contributing to it:
      • Don't accept mail, and then bounce.
      • Don't use Challenge/Response, and don't allow your users to, either.
      • Configure your virus scanner to silently strip or discard viruses/worms instead of sending a notification back to the sender.
      • Don't run autoresponders, out-of-office notifications, etc. (Or maybe you only send auto-responses to senders who pass a DKIM or SPF check.)

After you've read and digested that, I recommend reading the rest of the series:

Terry's my hero for taking the time and spending the effort to document the backscatter problem in this much detail. Thanks, Terry!
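
The last item in the list above, gating auto-responses on an SPF or DKIM pass, can be sketched as follows. This is an added example, not code from this post or from Terry's series; the authserv-id `mx.example.net`, the function names and the sample messages are assumptions. It goes slightly beyond the list by also skipping bounces and automatic mail, as RFC 3834 recommends.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id stamped by your own border MTA

def auth_passes(msg):
    """Return the methods (spf, dkim) that our own MTA recorded as 'pass'."""
    passed = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(value).partition(";")
        # Skip headers from any other authserv-id: the sender can forge those.
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue
        for part in results.split(";"):
            m = re.match(r"\s*(spf|dkim)\s*=\s*(\w+)", part, re.I)
            if m and m.group(2).lower() == "pass":
                passed.add(m.group(1).lower())
    return passed

def should_autorespond(msg):
    """True only if a reply would not be backscatter or feed a mail loop."""
    if (msg.get("Return-Path") or "").strip() in ("", "<>"):
        return False  # null or missing envelope sender: this is itself a bounce
    if (msg.get("Auto-Submitted") or "no").strip().lower() != "no":
        return False  # never answer automatic mail (RFC 3834)
    if (msg.get("Precedence") or "").strip().lower() in ("bulk", "list", "junk"):
        return False  # conventional markers for list and bulk mail
    return bool(auth_passes(msg))

def sample(*headers):
    """Build a constructed test message from header lines."""
    return message_from_string("\n".join(headers) + "\n\nbody\n")

# Constructed sample messages (not real traffic).
LEGIT = sample("Return-Path: <alice@example.org>",
               "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org")
FORGED = sample("Return-Path: <victim@example.com>",
                "Authentication-Results: mx.example.net; spf=fail; dkim=none",
                "Authentication-Results: spoof.example; spf=pass; dkim=pass")
BOUNCE = sample("Return-Path: <>",
                "Authentication-Results: mx.example.net; spf=pass")
AUTO = sample("Return-Path: <bob@example.org>", "Auto-Submitted: auto-replied",
              "Authentication-Results: mx.example.net; dkim=pass header.d=example.org")

if __name__ == "__main__":
    for name, m in [("legit", LEGIT), ("forged", FORGED), ("bounce", BOUNCE), ("auto", AUTO)]:
        print(name, should_autorespond(m))
```

The `FORGED` case is the one that matters for backscatter: the envelope sender is a third party, and the only "pass" results come from a header your own MTA did not write, so no auto-response is sent.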



  1. I need to give credit to your blog, of course. Your original suggestions for not contributing to the problem of backscatter inspired the post. I merely paraphrased it.

