Backscatter (email)


Backscatter (originally a term from physics, see backscatter) in e-mail refers to delivery status notifications that are sent in response to forged sender addresses. The way e-mail backscatter works is comparable to distributed reflected denial-of-service attacks (DRDoS attacks for short) at the network level.

The automatically generated notifications do not reach the actual senders but the uninvolved third parties whose addresses were given as the sender. On the one hand, these are error messages stating, for example, that the recipient address does not exist, that the received e-mail was spam, or that the e-mail contained malware. On the other hand, out-of-office notifications and other automatically sent notices, for example from mailing list processors and other e-mail robots, as well as echo mailers, can cause backscatter. Error messages about malware in particular, and the possibly considerable number of such e-mails, unsettle the recipients.

Remedy

Mail server

Today, delivery status notifications are usually sent only to addresses that are authenticated using SMTP Auth. Preferably, the mail transfer agent aborts reception early (for example when recipient address validation fails) so that no subsequent notification is required; this procedure is called before-queue filtering.

There are companies that specifically look for mail gateways that allow backscatter by checking them for missing authentication or missing recipient address validation. Such gateways then end up on a blacklist.

Configuration of the domain

Backscatter is made easier if catch-all addresses accept e-mail for any address of a domain (i.e. not only for explicitly named addresses) and the mail is only then passed on to spam filters. If the mail transfer agent instead knows the addresses of its domain and works interactively with a virus scanner and a spam filter, backscatter for addresses that do not actually exist can be avoided. The catch-all function can usually be configured by the domain owner.

Autoreply

Systems that trigger an autoreply (typically an out-of-office notification) are inevitably at risk of acting as a source of backscatter. Such replies often cause a certain astonishment when they reach the owner of an abused sender address. Various measures at several levels can contain the effect. These range from the use of mechanisms such as SPF and BATV to a more complex content analysis, on the basis of which replies are sent selectively.
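
One way to send autoreplies selectively, as an added example that is not part of the original article: the function below decides whether an out-of-office reply may be sent, based on the envelope sender, the message headers and an SPF verdict. The function name, the reason strings and the spf_result parameter (assumed to be supplied by the receiving mail server) are assumptions of this example; the header checks follow RFC 3834.

```python
import email

# Header checks follow RFC 3834; names and the spf_result parameter are
# assumptions of this example, not taken from a particular mail server.
BULK_PRECEDENCE = {"bulk", "list", "junk"}
ROBOT_LOCALPARTS = ("mailer-daemon", "postmaster", "noreply", "no-reply")

def autoreply_decision(envelope_from, raw_message, spf_result, already_notified):
    """Return (send, reason) for one incoming message.

    envelope_from is the SMTP MAIL FROM value, spf_result the verdict the
    receiving MTA computed for it, already_notified a set of past recipients.
    """
    msg = email.message_from_string(raw_message)
    sender = envelope_from.strip().strip("<>").lower()
    if not sender:
        return False, "null return path"          # bounces and DSNs
    if sender.split("@")[0].startswith(ROBOT_LOCALPARTS):
        return False, "robot sender"
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "automatic message"         # never answer a robot
    if msg.get("Precedence", "").strip().lower() in BULK_PRECEDENCE:
        return False, "bulk precedence"
    if "List-Id" in msg or "List-Unsubscribe" in msg:
        return False, "mailing list traffic"
    if spf_result != "pass":
        return False, "sender not authenticated"  # address may be forged
    if sender in already_notified:
        return False, "already notified"
    already_notified.add(sender)
    return True, "ok"

# Constructed sample messages (not real traffic).
PERSONAL = "From: alice@example.org\nSubject: Meeting\n\nSee you at ten.\n"
VACATION = ("From: bob@example.net\nAuto-Submitted: auto-replied\n"
            "Subject: Out of office\n\nBack on Monday.\n")
NEWSLETTER = ("From: news@example.com\nList-Id: <news.example.com>\n"
              "Precedence: bulk\n\nThis week's issue.\n")

if __name__ == "__main__":
    seen = set()
    for args in [("<alice@example.org>", PERSONAL, "pass"),
                 ("<alice@example.org>", PERSONAL, "pass"),
                 ("<forged@example.org>", PERSONAL, "fail"),
                 ("<>", VACATION, "none"),
                 ("<bob@example.net>", VACATION, "pass"),
                 ("<news@example.com>", NEWSLETTER, "pass")]:
        print(args[0], autoreply_decision(*args, seen))
```

Only the first message from an SPF-authenticated person triggers a reply; the forged sender, the bounce, the other system's autoreply and the newsletter are all left unanswered.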
