What is Backscatter Spam?
Backscatter spam is the consequence of spammers launching a Reverse NDR attack on vulnerable mail servers. These servers receive large quantities of spammers' messages addressed to fictitious and non-existent email addresses in their domain. Because each message is not deliverable as addressed, the email server sends a non-delivery report (NDR) to whoever is given as the sender in the original message. These returned NDR messages are backscatter spam.

How to Detect Backscatter Spam

To determine if a domain is used in a backscatter spam attack, look for an unusually high number of NDR messages. These are easily identifiable by the presence of “<>”, denoting a blank sender address. Extreme cases of backscatter spam will slow or stop email delivery as the server tries to handle increasing volumes of NDR messages. CMS has defined this situation as a distributed denial of service spam attack (DoS spam) since the backscatter spam may arise from multiple vulnerable email servers.
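The null-sender check described above can be run over a mail log, as in this added example (not part of the original page). It assumes a Postfix-style log layout; the sample lines are constructed, and the thresholds `min_null` and `min_ratio` are hypothetical values to tune against a server's normal NDR volume.

```python
import re
from collections import Counter

# Captures the hour bucket and the envelope sender; "from=<>" is the null sender.
SENDER_RE = re.compile(r"^(\w{3}\s+\d+\s+\d{2}):\d{2}:\d{2}\s.*\bfrom=<([^>]*)>")

# Constructed sample lines in an assumed Postfix-style layout (not real server data).
SAMPLE_LOG = """\
Mar  3 09:12:40 mx1 postfix/qmgr[811]: A01: from=<alice@example.org>, size=2100, nrcpt=1
Mar  3 09:30:02 mx1 postfix/qmgr[811]: A02: from=<>, size=3400, nrcpt=1
Mar  3 09:41:17 mx1 postfix/qmgr[811]: A03: from=<bob@example.org>, size=1800, nrcpt=1
Mar  3 10:00:01 mx1 postfix/smtpd[902]: connect from unknown[192.0.2.10]
Mar  3 10:00:03 mx1 postfix/qmgr[811]: B01: from=<>, size=3390, nrcpt=1
Mar  3 10:00:09 mx1 postfix/qmgr[811]: B02: from=<>, size=3412, nrcpt=1
Mar  3 10:01:15 mx1 postfix/qmgr[811]: B03: from=<>, size=3377, nrcpt=1
Mar  3 10:01:44 mx1 postfix/qmgr[811]: B04: from=<carol@example.org>, size=900, nrcpt=1
Mar  3 10:02:20 mx1 postfix/qmgr[811]: B05: from=<>, size=3401, nrcpt=1
Mar  3 10:02:58 mx1 postfix/qmgr[811]: B06: from=<>, size=3388, nrcpt=1
Mar  3 10:03:31 mx1 postfix/qmgr[811]: B07: from=<>, size=3420, nrcpt=1
Mar  3 10:04:02 mx1 postfix/qmgr[811]: B08: from=<dave@example.org>, size=1500, nrcpt=1
"""


def null_sender_stats(lines):
    """Return {hour: (null_sender_count, total_messages)} for lines with a sender field."""
    null, total = Counter(), Counter()
    for line in lines:
        m = SENDER_RE.match(line)
        if not m:
            continue  # not a queue line with an envelope sender
        hour, sender = m.groups()
        total[hour] += 1
        if sender == "":
            null[hour] += 1
    return {h: (null[h], total[h]) for h in total}


def flag_backscatter(lines, min_null=5, min_ratio=0.5):
    """Hours where null-sender (NDR) mail is both numerous and a large share of traffic."""
    stats = null_sender_stats(lines)
    return sorted(h for h, (n, t) in stats.items() if n >= min_null and n / t >= min_ratio)


if __name__ == "__main__":
    for hour in flag_backscatter(SAMPLE_LOG.splitlines()):
        print("possible backscatter:", hour, null_sender_stats(SAMPLE_LOG.splitlines())[hour])
```

Requiring both a minimum count and a minimum share keeps a quiet hour with one or two legitimate bounces from being flagged.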