<

Exchange 2007 / 2010 Backscatter and how to resolve it

Published on
40,848 Points
27,648 Views
17 Endorsements
Last Modified:
Awarded
Community Pick

What is Backscatter?

Backscatter is automatically generated Non-Delivery Report emails (NDR’s) that are returned in response to emails sent to invalid email recipients, most commonly sent by spammers who have made up the recipient email address, and quite often have forged the sender address to.

How do I know if my server is sending out Backscatter?

A quick way to check is to visit http://www.backscatterer.org/?target=test and enter your IP Address, then click on Test.  If you are listed, it will tell you that you are listed.  If you are listed – you will be sending out Backscatter – if you are not listed – then you hopefully are not sending out Backscatter (or have not yet had an NDR message hit one of the Backscatterer.org spam traps which will get you listed).

Backscatterer Listing
Another way is to check the outbound queues on your Exchange Server Start> All Programs> Microsoft Exchange Server (2007 / 2010)> Exchange Management Console – then click on Toolbox in the left-hand pane and then Open the Queue Viewer in the task pane.
Then double click into a queue with mail that is not going anywhere and see if the sender of the message is <>.

Exchange 2007 / 2010 Queue - NDR Message to Invalid Domain

Why is my server sending out Backscatter mail?

When a mail server receives an email message and is not configured for 'Recipient Validation' (Recipient Validation is where the mail server checks to see if the recipient address of an inbound email is valid before accepting the message) then the server automatically accepts the message, processes it, realises that the recipient address is invalid, and automatically sends back a Non Delivery Report email to the sender of the message.

If the mail server is configured with 'Recipient Validation', the server checks all inbound emails for a valid recipient first and if the recipient address does not exist on the server, then the server will immediately reject the email message and no Non-Delivery Report email is sent back to the sender.

Okay – So I am listed – what do I do now?

Open the Exchange Management Shell (Start> All Programs> Microsoft Exchange Server (2007 / 2010)> Exchange Management Shell - and type in the following:

get-recipientfilterconfig | ft RecipientValidationEnabled

Recipient Validation Disabled
You will most likely see the result showing as False (as per the image above), meaning that your server is not filtering Recipients on your server.

To resolve this problem and enable Recipient Filtering, simply type the following in the Exchange Management Shell:

Set-RecipientFilterConfig -RecipientValidationEnabled:$true

Recipient Validation Enabled
Now that you have enabled recipient filtering (as per the image above), you will no longer be sending out NDR emails back to spammers and can request de-listing from Backscatterer.org, which should happen automatically after 4 weeks, or you can pay to be express de-listed.
17
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.
Get 7 days free