Significant Backscatter
2007-09-21
One-minute read
Experienced my first significant backscatter on one of my domains today. Good times. Here’s how backscatter happens:
- spammer forges the sender in email, such as ‘From: NameGeneratedBySpammersEvilSoftware@example.com’;
- server which receives the forged email bounces the message;
- since the spammer used my domain as the sender, the bounce comes to my domain;
- since the spammer guessed a name that doesn’t actually exist, my mail server is unable to deliver the bounce message locally (generating a double bounce);
- my mail server then sends the double bounce to postmaster at my domain; since I’m the postmaster, it sucks to be me.
Over a 5-hour period, I received 1200 of these little messages. Some of this is caused by my use of qmail. Qmail accepts a message at the SMTP stage and only afterwards discovers there is no suitable local recipient. At that point it has to generate a bounce and return it to the sender, who was forged, creating a double bounce. It may become necessary to install chkuser, which refuses to accept email at SMTP time unless the recipient actually exists. We’ll see. At the moment, the rate of backscatter has dropped to a few per hour.
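To make the chain above concrete, here is an added simulation (not code from the original post, and not qmail or chkuser code) of the two policies: accept-then-bounce, where every guessed sender turns into a double bounce in postmaster's mailbox, and reject-unknown-recipient-at-RCPT, where nothing reaches postmaster. The domain names, user list and message count are constructed for the example.

```python
"""Constructed model of the backscatter chain: a spammer forges a sender in my
domain, the remote server bounces, and my server either accepts the bounce and
then double-bounces it to postmaster, or refuses the unknown recipient at RCPT TO."""

class Server:
    def __init__(self, domain, users, reject_unknown_rcpt):
        self.domain = domain
        self.users = set(users)
        self.reject_unknown_rcpt = reject_unknown_rcpt  # chkuser-style check
        self.postmaster = []   # what lands in postmaster's mailbox
        self.rejected = 0      # RCPT TO refusals issued

    def rcpt_to(self, rcpt):
        """SMTP envelope check: True means '250 ok', False means '550'."""
        user = rcpt.split("@")[0]
        if self.reject_unknown_rcpt and user not in self.users:
            self.rejected += 1
            return False
        return True

    def deliver(self, net, sender, rcpt, msg):
        """Local delivery after the message was accepted. An undeliverable
        message with a real sender produces a bounce; one with the null sender
        ('') is already a bounce, so it becomes a double bounce to postmaster."""
        user = rcpt.split("@")[0]
        if user in self.users:
            return                                  # delivered normally
        if sender == "":
            self.postmaster.append(msg)             # double bounce
        else:
            net.send("", sender, "bounce: " + msg)  # bounce to (forged) sender

class Network:
    def __init__(self, servers):
        self.servers = {s.domain: s for s in servers}

    def send(self, sender, rcpt, msg):
        dst = self.servers[rcpt.split("@")[1]]
        if dst.rcpt_to(rcpt):
            dst.deliver(self, sender, rcpt, msg)
        # else: 550 at RCPT; the sending MTA owns the failure, nothing reaches us

def simulate(reject_unknown_rcpt, n_spams=1200):
    """Returns (messages in my postmaster mailbox, RCPT TO refusals issued)."""
    mine = Server("mydomain.example", ["me"], reject_unknown_rcpt)
    remote = Server("remote.example", [], False)  # accepts, then bounces everything
    net = Network([mine, remote])
    for i in range(n_spams):
        forged = f"guess{i}@mydomain.example"       # non-existent sender in my domain
        net.send(forged, "victim@remote.example", f"spam #{i}")
    return len(mine.postmaster), mine.rejected

if __name__ == "__main__":
    print("accept-then-bounce:", simulate(False))  # (1200, 0)
    print("reject at RCPT TO :", simulate(True))   # (0, 1200)
```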