Backscatter emails are bulk bounce messages that an individual receives for emails they never sent. In short, a spammer spoofs an email address in the "From" address/return path while sending unsolicited spam messages to recipients. Spammers use backscattering as a workaround for the anti-spam filters set up by an organization, to fill the user's mailbox with spam emails and, in turn, hack sensitive data.
Below is how you receive Backscatter emails:
- A spammer or a scammer picks an email address from a website or a forum post or from information available from a private or a public server to which they have access.
- When sending bulk unsolicited messages, the spammer spoofs your email address in the From address/return path of the email and sends it to multiple users.
- The mail server attempts to deliver the emails to the recipient list and sends a bounce message in the following instances:
- The user whose email address was spoofed in the From address/return path receives bulk bounce messages in their inbox for emails that they never sent.
Email Backscatter results in:
- Email overflow - The user's inbox gets filled with a huge number of spam emails.
- Email block - Chances are high that the email server blocks your account from receiving further emails. This is to prevent server overload due to a sudden surge of bounces.
- Blacklisting - In addition to the email overflow, your email address/domain may be added to a grey-list or black-list by receiving servers. In such cases, even your valid emails get blocked by the servers.
Some of the best practices to avoid receiving backscatter mails are:
- Configure your organization domains' SPF, DKIM and DMARC appropriately.
- Do not post your email address in public forums or in direct messages (DMs).
- If it is mandatory to add your email address in public forums, use "at" in place of "@" and "dot" in place of ".".
- Mask the email address.
- Use CAPTCHA-protected forms on websites to avoid spam and password decryption.
- Do not encourage long forward chains.
- Try to use disposable email aliases and subdomains to detect and bounce spam sources without affecting your normal email address.
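
To tell backscatter apart from bounces for mail you really sent, a mailbox filter can compare the Message-ID quoted inside each bounce with the IDs your own outbound server logged. The Python below is an added example, not part of the original article; the sample bounce, the addresses and the `sent_ids` set are constructed assumptions.

```python
import email
from email import policy

# Constructed bounce in RFC 3464 layout; {mid} is the Message-ID of the returned mail.
BOUNCE = """\
Return-Path: <>
From: MAILER-DAEMON@mx.receiver.test
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to bob@receiver.test failed.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.receiver.test

Final-Recipient: rfc822; bob@receiver.test
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: alice@example.com
Message-ID: {mid}

body
--b1--
"""

def original_message_id(bounce):
    """Message-ID quoted in the bounce (full copy or headers-only), else None."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return str(part.get_payload(0)["Message-ID"] or "").strip() or None
        if part.get_content_type() == "text/rfc822-headers":
            hdrs = email.message_from_string(part.get_content(), policy=policy.default)
            return str(hdrs["Message-ID"] or "").strip() or None
    return None

def classify(raw, sent_ids):
    """sent_ids: Message-IDs our outbound server logged (assumed available)."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/report" or msg.get_param("report-type") != "delivery-status":
        return "not-a-bounce"
    mid = original_message_id(msg)
    return "unverifiable" if mid is None else "genuine-bounce" if mid in sent_ids else "backscatter"
```

Bounces classified as `backscatter` can be filed away or dropped, while `unverifiable` ones (no quoted Message-ID) are better left for manual review.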