What is Backscatter?
Backscatter is automatically generated Non-Delivery Report emails (NDRs) that are returned in response to emails sent to invalid email recipients. Those emails are most commonly sent by spammers who have made up the recipient email address and quite often have forged the sender address too, so the NDR is delivered to whoever owns the forged address.
How do I know if my server is sending out Backscatter?
A quick way to check is to visit http://www.backscatterer.org/?target=test, enter your IP address, and click on Test. If you are listed, it will tell you so, and that means you are sending out Backscatter. If you are not listed, then you are hopefully not sending out Backscatter (or have not yet had an NDR message hit one of the Backscatterer.org spam traps, which will get you listed).
Another way is to check the outbound queues on your Exchange Server: Start > All Programs > Microsoft Exchange Server (2007 / 2010) > Exchange Management Console, then click on Toolbox in the left-hand pane and open the Queue Viewer in the task pane.
Then double-click into a queue with mail that is not going anywhere and see if the sender of the message is <> (the empty sender address that NDRs are sent from).
Why is my server sending out Backscatter mail?
When a mail server receives an email message and is not configured for 'Recipient Validation' (where the mail server checks whether the recipient address of an inbound email is valid before accepting the message), the server automatically accepts the message, processes it, realises that the recipient address is invalid, and automatically sends a Non-Delivery Report email back to the sender of the message.
If the mail server is configured with 'Recipient Validation', the server checks all inbound emails for a valid recipient first and if the recipient address does not exist on the server, then the server will immediately reject the email message and no Non-Delivery Report email is sent back to the sender.
Okay – So I am listed – what do I do now?
Open the Exchange Management Shell (Start > All Programs > Microsoft Exchange Server (2007 / 2010) > Exchange Management Shell) and type in the following:
get-recipientfilterconfig | ft RecipientValidationEnabled
You will most likely see the result showing as False (as per the image above), meaning that your server is not filtering Recipients on your server.
To resolve this problem and enable Recipient Filtering, simply type the following in the Exchange Management Shell:
Set-RecipientFilterConfig -RecipientValidationEnabled:$true
Now that you have enabled recipient filtering (as per the image above), you will no longer be sending out NDR emails back to spammers and can request de-listing from Backscatterer.org. De-listing should happen automatically after 4 weeks, or you can pay to be express de-listed.
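The two checks described above (the recipient filter setting and the queue inspection for the <> sender) can be combined into one pass in the Exchange Management Shell. This is an added example, not part of the original article; it assumes it is run on the Exchange 2007 / 2010 transport server that accepts mail from the internet, and that the agent is registered under its default name 'Recipient Filter Agent'.

```powershell
# Added example (not from the original article).
# Run in the Exchange Management Shell on the server that receives internet mail.

# 1. Show the recipient filter settings. For invalid recipients to be rejected
#    during the SMTP conversation, all three values should be True.
$cfg = Get-RecipientFilterConfig
$cfg | Format-List Enabled, ExternalMailEnabled, RecipientValidationEnabled

# 2. The setting only takes effect if the Recipient Filter agent is present and
#    enabled. On a Hub Transport server the anti-spam agents are not installed
#    by default; Install-AntispamAgents.ps1 in the Exchange Scripts folder adds them.
$agent = Get-TransportAgent -Identity 'Recipient Filter Agent' -ErrorAction SilentlyContinue
if (-not $agent) {
    Write-Warning 'Recipient Filter agent is not installed on this server.'
} elseif (-not $agent.Enabled) {
    Write-Warning 'Recipient Filter agent is installed but disabled.'
}

# 3. Count queued messages whose sender is the null address <>.
#    These are NDRs waiting to go out; many of them stuck in remote-delivery
#    queues is the same symptom the Queue Viewer check looks for.
$ndrs = @(Get-Message -ResultSize Unlimited |
          Where-Object { $_.FromAddress -eq '<>' })
'{0} queued message(s) with the null sender <>' -f $ndrs.Count
$ndrs | Group-Object Queue |
        Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize

# 4. Summarise the result.
if (-not $cfg.RecipientValidationEnabled) {
    Write-Warning 'RecipientValidationEnabled is False: mail to invalid recipients is accepted and then bounced.'
} elseif ($ndrs.Count -gt 0) {
    'Validation is on; the NDRs above were probably queued before it was enabled.'
} else {
    'Validation is on and no NDRs are queued.'
}
```

NDRs that were queued before the setting was changed stay in the queue until they are delivered, expire, or are removed, so run the check again after the queues have drained before requesting de-listing.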
Comments (14)
Author
Commented: If a legitimate sender sends an email and Recipient filtering is enabled, Exchange doesn't accept the message and that's that. It's down to the sending server to tell the sender the response code from the Exchange Server in an NDR message and if the sending server doesn't generate an NDR, then that's down to the configuration of the sending server. It's not your fault because you enabled Recipient Filtering.
@jambear - Blocking port 25 will stop the problem happily - but it also means no emails from anyone else (short of a smarthost using a different port).
Commented:
Jambear's blocking 25: I think he/she meant block outgoing 25 for all hosts on the LAN except Exchange's edge/hub, to avoid virus-infected hosts sending out spam. This is a separate issue of course.
Author
Commented: Blocking port 25 outbound is a very separate issue (and should be done as a matter of course - apart from the Exchange server of course).