
Email Backscattering - How to Save Your Inbox and Reputation from this Sneaky Cyber Attack

Guest Author: Jennifer Radcliff

Email backscattering is a kind of email abuse that can cause major issues for both the recipients of the bounce messages and the owners of the forged sender addresses. In this blog post, we will discuss what email backscattering is, how it works, how to prevent it, and some notable instances of it.

What is email backscattering?

Email backscattering is a type of email abuse in which a third-party mail server sends a bounce message to the spoofed sender address of a spam email. It occurs when a spammer sends an email with a falsified sender address, often known as a "spoofed" address, to a large number of recipients. When the recipients' email servers reject the email, they send a bounce message (also known as a non-delivery report or NDR) to the forged sender address. As a result, the owner of the forged address receives a huge number of bounce messages, which can lead to severe issues such as mail server overload, IP blocking, and damage to the reputation of the domain associated with the falsified sender.

How it works

When a spammer sends an email using a forged sender address, the recipients' email servers may reject the email (for example because it is classified as spam or addressed to a mailbox that does not exist). Because the email appears to originate from a real address, the servers then send a bounce message to that spoofed sender address, informing its owner that the email could not be delivered. This phenomenon is known as backscattering. The spammer may employ a huge number of distinct forged sender addresses, resulting in a significant number of bounce messages being sent to the owners of these addresses. This can result in serious issues for those owners, including mail server overload, IP blocking, and reputational damage to the domain of the forged sender.

Protection against backscattering

Several best practices can be followed to safeguard against email backscattering. Configuring the email server so that it does not deliver bounce messages for emails with a fake sender address is one of the most effective methods of preventing backscattering. Email authentication methods such as DMARC, SPF, and DKIM can also be utilized for this purpose. In addition, anti-spam and email filtering technologies can assist in detecting and preventing backscattering: they can identify and block spam emails before they reach the recipients' inboxes, hence lowering the possibility of backscattering.
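One filtering technique the paragraph above alludes to is telling genuine bounces apart from backscatter on the receiving side. The classifier below is an added example written for this post (it is not code from the original post or from any mail server); it follows the idea that every message your own server sent carries a Message-ID ending in your host name, so a bounce whose quoted original headers lack such a Message-ID cannot be for mail you sent. The host name mail.example.com and the three sample messages are constructed assumptions.

```python
import re
from email import message_from_string

OUR_HOST = "mail.example.com"  # assumed host name of the server we protect
# Assumption: Message-IDs our server generates end in "@mail.example.com".
OWN_MSGID_RE = re.compile(
    r"^Message-ID:\s*<[^>]+@" + re.escape(OUR_HOST) + r">", re.I | re.M)


def is_bounce(msg):
    """A null return-path or a MAILER-DAEMON sender marks a delivery report."""
    return_path = (msg.get("Return-Path") or "").strip()
    sender = (msg.get("From") or "").lower()
    return return_path == "<>" or "mailer-daemon" in sender


def returned_text(msg):
    """Join every leaf part, so an attached original message is searched too."""
    chunks = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True)
        if payload:
            chunks.append(payload.decode("utf-8", "replace"))
    return "\n".join(chunks)


def classify_ndr(raw):
    """Return 'not-a-bounce', 'genuine' or 'backscatter' for one raw message."""
    msg = message_from_string(raw)
    if not is_bounce(msg):
        return "not-a-bounce"
    # A bounce caused by our own mail quotes a Message-ID that we created.
    return "genuine" if OWN_MSGID_RE.search(returned_text(msg)) else "backscatter"


# Constructed sample messages, not captured traffic.
GENUINE_NDR = """Return-Path: <>
From: MAILER-DAEMON@mx.remote.test
To: alice@example.com
Subject: Undelivered Mail Returned to Sender

The address <bob@remote.test> does not exist. Original headers follow.

Message-ID: <20240101120000.A1B2@mail.example.com>
From: alice@example.com
"""
BACKSCATTER_NDR = GENUINE_NDR.replace("@mail.example.com>", "@zombie.spam.test>")
ORDINARY_MAIL = "From: carol@remote.test\nTo: alice@example.com\n\nhi\n"
```

Calling classify_ndr on each sample yields "genuine", "backscatter" and "not-a-bounce" respectively; the same Message-ID test is what a header_checks rule on the mail server would encode.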

Historical examples

In 2001, the Sircam worm was released, demonstrating email backscattering. The worm spread by sending copies of itself to email addresses found on infected computers, using the affected user's address as the "envelope sender". As a result, many individuals received bounce messages for emails they did not send, and some email servers were overloaded with NDRs.

Email backscattering is a kind of email abuse that can cause major issues for both the recipients of the bounce messages and the owners of the forged sender addresses. It is crucial that email administrators and security professionals are aware of it and take the necessary precautions to prevent it from disrupting their networks. It is feasible to protect against email backscattering and avoid detrimental effects on email delivery and the recipient's inbox by applying best practices and utilizing available solutions. Additionally, it is essential to remain informed about major instances of email backscattering in order to understand the potential hazards and consequences.

Email backscattering is a low-level technical notion that is rarely discussed in the majority of companies. However, it is crucial to be aware of it and to take the necessary precautions to prevent it from occurring.

Preventing Email Backscattering with Postfix

Email backscattering is a kind of email abuse that can cause major issues for both the recipients of the bounce messages and the owners of the forged sender addresses. Configuring the email server so that it does not send bounce messages for emails with a fake sender address is one approach to preventing backscattering. Here are a couple of ways to configure Postfix in order to prevent email backscattering.

First, it is necessary to change the Postfix configuration files. The primary Postfix configuration file is main.cf, which is found in the /etc/postfix directory. Note that the bounce_notice_recipient parameter only sets the address that receives postmaster copies of bounce notices (its default is postmaster); it expects a mail address, not a path such as /dev/null, and it cannot be used to discard bounces. The way to avoid generating bounces for mail with a forged sender is to refuse undeliverable mail during the SMTP session, before Postfix has accepted responsibility for it, so that no bounce message is ever created. The following lines must be present in the configuration file:

smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes

These lines instruct Postfix to reject mail for unknown local recipients, and mail claiming to come from unknown local senders, at SMTP time instead of accepting it and bouncing it later to the spoofed sender address (the first setting is the default; the second is not). By never creating the bounce messages, we are able to prevent backscattering.

The following step involves the Postfix sender access table. This table specifies which sender addresses or domains the server accepts or refuses mail from. Postfix has no sender_access parameter; the table is consulted through the check_sender_access restriction, so the following line will be added to main.cf:

smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access

This line instructs Postfix to first permit mail from its own trusted networks and then to look up every other sender address in the sender access table. An entry with the action REJECT causes the server to refuse email from that sender address or domain, and an entry with the action OK accepts it.

Additionally, we must generate the sender access file and add the sender addresses with the action to take. The file must reside in the /etc/postfix directory, and each line must contain an email address or domain followed by an action, for example a line of the form "example.com REJECT" to refuse mail from outside that claims to come from your own domain. After editing the file, run sudo postmap /etc/postfix/sender_access to build the lookup table that the hash: prefix refers to.

After updating the configuration files, Postfix must be restarted for the changes to take effect. This can be accomplished by executing the following command:

sudo service postfix restart

By following these steps, we have configured Postfix to prevent email backscattering by not sending bounce messages to forged sender addresses. If you want to send NDRs only to email addresses that are likely to exist, you can configure Postfix to check the SPF records of the sending domain.

Preventing Email Backscattering with Postfix via SPF

Alternatively, the Sender Policy Framework (SPF) can be used to authenticate the sender's domain and reject emails that fail the authentication in order to prevent backscattering. In this section, we will demonstrate how to configure Postfix with SPF to avoid email backscattering.

First, it is necessary to change the Postfix configuration files. The primary Postfix configuration file is main.cf, which is found in the /etc/postfix directory. Postfix does not evaluate SPF on its own; it hands the check to an SPF policy service (such as the policyd-spf daemon) through the check_policy_service restriction, and that service must also be defined in master.cf as described in its own documentation. The following lines must be added to the configuration file:

smtpd_recipient_restrictions = reject_unknown_sender_domain, check_policy_service unix:private/policyd-spf, ...

The reject_unknown_sender_domain restriction rejects mail whose sender domain has no valid DNS A or MX record; the check_policy_service restriction asks the SPF policy service whether the connecting server is permitted to send for the sender's domain and rejects the email when the SPF check fails.

The next step is to build an SPF record and publish it to the DNS for your domain. This can be accomplished by adding the following value to a TXT record:

v=spf1 mx -all

This SPF record allows only the mail servers listed in your domain's MX records to send email from your domain; the "-all" at the end tells receiving servers to treat any other source as a failure.

After updating the configuration files, Postfix must be restarted for the changes to take effect. This can be accomplished by executing the following command:

sudo service postfix restart

By following these steps, we have set up Postfix with SPF to prevent email backscattering. By rejecting emails that fail SPF authentication, we can safeguard against email backscattering and prevent detrimental effects on email delivery and the mailbox of the recipient.

It is crucial to note that this is only one method of preventing email backscattering; other methods, such as anti-spam and email filtering systems, can also be employed. Additionally, it is essential to remain informed about major instances of email backscattering in order to understand the potential hazards and consequences.

In addition, it is advised to utilize additional authentication mechanisms, such as DMARC and DKIM, to improve security and prevent backscattering.

Good luck out there!
