What Is Backscatter Spam?
A common occurrence in Microsoft Exchange Server 2007 is receiving “backscatter spam”. “Backscatter spam” is used to describe when an email server has received a message, and then it in returns sends a bounced message stating that the message could not be delivered.
It is common for an email server to send a message that email sent could not be delivered, but in the case of backscatter spam, someone wanting to spam another person’s address will send numerous “spoof” non-delivery messages to the victim’s address, as if the victim had originally sent them.
As a result of backscatter spam, the victim’s email address is used to spoof sent messages, and they in turn receive messages that the bounced messages were not delivered.
Backscatter Spam Is More Common In Exchange Server 2007
Anyone using Exchange Server 2007 without changing the defaults is susceptible to receiving backscatter spam in their inbox. In Exchange Server 2007, messages that are not delivered are termed, “non-delivery reports” or NDRs. When first used “out of the box” Exchange Server 2007 is already programmed to allow the inbox to receive NDRs.
If Your Server Is Sending Backscatter Spam
One would think that simply by unticking the box in Hub Transport>Default Properties>Format of original message sent as attachment, then the backscatter spam would not be sent by the server.
In reality unticking this box will send any spam messages generated back to the original server that sent the message (the spammer’s server) but it will also prevent the intended victim from receiving any NDRs of email addresses that were typed incorrectly. The best way to stop backscatter spam in Microsoft Exchange 2007 would be to go to the source of the problem and stop spam from being sent into the inbox.
Another method that can be used to prevent your server from sending spam is called “connection filtering.” Websites such as backscatter.org contain a list of website and IP addresses from which spam commonly originate from. It is simply a matter of preventing IP addresses used by spammers to send mail.
It is possible to disable non-delivery reports in Microsoft Exchange 2007. After opening Exchange,
Open the System Manager (ESM) and
Expand it to show the Global Settings.
On the left open the Internet Message Formats, and right-click the mouse to select Default and scroll down to Properties.
On the Properties window, select Advanced, and uncheck the box “Allow non-delivery reports”.
Press OK to save the new setting.
What the above settings will do is prevent anyone from receiving non-delivery reports, however it is possible to allow only certain email addresses to receive NDRs. To do this,
Go to Administrative Groups, and click to expand the First Administrative Group section.
Scroll down to Servers, and expand this to view the servername, SMTP, protocols.
This would bring you to the Default SMTP Virtual Server, and click it open to view its properties.
Under the Default SMTP Virtual Server, press Messages, and then input any addresses in the Send Copy Of Non-Delivery Report To area.
It is also suggested that an email address for the postmaster be created to handle any non-delivery reports that are received. This will prevent the actual message being received, but the sender will receive a message to send it again.
If Your Server Is Receiving Backscatter Spam
If your server has been receiving backscatter spam, it would not be enough to simply block messages from certain IP addresses or domains, because in the process this would block receiving legitimate emails. However if your server is receiving backscatter messages, then utilizing a variety of anti-spam software such as Spam Smacker should clear the problem.