Glossary Home

Email Backscatter

What is email backscatter?

Backscatter emails are bulk bounce messages received by an individual for emails that were never sent by them. In short, a spammer spoofs an email address in the "from" address/ return path while sending spam messages to unsolicited recipients. The intention of spammers using backscattering is to find a workaround to deal with the anti-spam filters set up by an organization and fill the user's mailbox with spam emails and in turn, hack sensitive data.

What you must know about email backscatter?

Below is how you receive Backscatter emails:

  1. A spammer or a scammer picks an email address from a website or a forum post or from information available from a private or a public server to which they have access.
  2. When sending bulk unsolicited messages, the spammer spoofs your email address in the from address/ return path of the email and sends it to multiple users.
  3. The mail server attempts to deliver the emails to the recipient list and sends a bounce message in the following instances:
    • Unknown/ non-existent recipients
    • Spam content in the email
    • SPF/ DKIM/ DMARC failure
  4. The user whose email address was spoofed in the from/ return path receives bulk bounce messages in their inbox for emails that he/ she never sent.

Downsides of backscatter

Email Backscatter results in:

  • Email overflow - The user's inbox gets filled with a huge number of spam emails.
  • Email block - Chances are high that the email server blocks your account from receiving further emails. This is to prevent server overload due to sudden spurge of bounce.
  • Blacklisting - In addition to the email overflow, your email address/ domain may be added to grey-list or black-list by receiving servers. In such cases, even your valid emails get blocked by the servers.

Best practices to prevent backscatter

Some of the best practices to avoid receiving backscatter mails are:

  • Configure your organization domains' SPF, DKIM and DMARC appropriately.
  • Do not post your email address in public forums or in direct messages (DMs).
  • If it is mandatory to add your email address in public forums, replace "at" in place of "@" and "dot" in place of "."
  • Mask the email address.
  • Use forms in websites with captcha to avoid spam and password decryption.
  • Do not encourage long forward chains.
  • Try to use disposable email aliases, and subdomains to detect and bounce spam sources, without affecting your normal email address.