EmailDiscussions.com - View Single Post - Spike in amount of backscatter spam in inbox

n5bb · 20 May 2016, 03:31 AM

The subject of this email thread concerns backscatter spam, so I'm going to assume that everyone posting in this thread is describing their experience with backscatter, which is not email directly addressed to you from a spammer.

Backscatter messages were sent by a spammer to an email address which is not yours and which does not exist. The message you receive nearly always has a subject line created by the innocent email system generating the bounce, such as "Mail delivery failed: returning message to sender". The From header on the bounce message you received is usually something such as "Mail Delivery System" or "Postmaster" at a system address for that domain.
If you receive a spam message directly (not a bounce), it's not backscatter and the comments in this thread are not necessarily relevant.

Fastmail adds a X-Backscatter header when the message appears to be an automated response which was not triggered by a message you genuinely sent, and quite a few spam messages seem to cause this header to be generated, even if the headers indicate the message is not a bounce. I believe this is because these spam messages (and a few non-spam messages) have an empty Return-Path header.

Here is my experience in the past 60 days - that's how long I keep old spam (96 spam messages as of today):

The NotFound1 tag is added if the original message which generated the backscatter can't be found.
I find that about 22% of the true spam messages I receive have a X-Backscatter: NotFound1 header.
Only two (2%) of the messages I have received (X-Backscatter: yes) in the past 60 days are true backscatter spam, and they appear to have been sent by the same spammer on adjacent days.
I find a few ham (good) messages which contain the X-Backscatter: NotFound1 header, but these are pretty rare. I think this may be because the sending servers were somehow blacklisted.

If you want to perform your own tests on messages stored on your account, perform searches with these search strings:

header:"X-Backscatter: yes"
header:"X-Backscatter: NotFound1"

Every true spam message I get with the header X-Backscatter: NotFound1 is marked with spam score of at least 1.8, and nearly all have scores of 3.8 or greater. Only a very few ham (non-spam) have this header set (when the Return-Path is empty). So my feeling is that it's fine to use the header X-Backscatter: NotFound1 to file messages to your Spam folder as long as you are checking this folder periodically for ham.

I am checking with Fastmail staff to see if my interpretation of the empty Return-Path header causing X-Backscatter: NotFound1 is correct.

Bill

20 May 2016, 03:31 AM	#44
n5bb Intergalactic Postmaster Join Date: May 2004 Location: Irving, Texas Posts: 8,929	The subject of this email thread concerns backscatter spam, so I'm going to assume that everyone posting in this thread is describing their experience with backscatter, which is not email directly addressed to you from a spammer. Backscatter messages were sent by a spammer to an email address which is not yours and which does not exist. The message you receive nearly always has a subject line created by the innocent email system generating the bounce, such as "Mail delivery failed: returning message to sender". The From header on the bounce message you received is usually something such as "Mail Delivery System" or "Postmaster" at a system address for that domain. If you receive a spam message directly (not a bounce), it's not backscatter and the comments in this thread are not necessarily relevant. Fastmail adds a X-Backscatter header when the message appears to be an automated response which was not triggered by a message you genuinely sent, and quite a few spam messages seem to cause this header to be generated, even if the headers indicate the message is not a bounce. I believe this is because these spam messages (and a few non-spam messages) have an empty Return-Path header. Here is my experience in the past 60 days - that's how long I keep old spam (96 spam messages as of today): The NotFound1 tag is added if the original message which generated the backscatter can't be found. I find that about 22% of the true spam messages I receive have a X-Backscatter: NotFound1 header. Only two (2%) of the messages I have received (X-Backscatter: yes) in the past 60 days are true backscatter spam, and they appear to have been sent by the same spammer on adjacent days. I find a few ham (good) messages which contain the X-Backscatter: NotFound1 header, but these are pretty rare. I think this may be because the sending servers were somehow blacklisted. If you want to perform your own tests on messages stored on your account, perform searches with these search strings: header:"X-Backscatter: yes" header:"X-Backscatter: NotFound1" Every true spam message I get with the header X-Backscatter: NotFound1 is marked with spam score of at least 1.8, and nearly all have scores of 3.8 or greater. Only a very few ham (non-spam) have this header set (when the Return-Path is empty). So my feeling is that it's fine to use the header X-Backscatter: NotFound1 to file messages to your Spam folder as long as you are checking this folder periodically for ham. I am checking with Fastmail staff to see if my interpretation of the empty Return-Path header causing X-Backscatter: NotFound1 is correct. Bill Last edited by n5bb : 20 May 2016 at 04:11 AM. Reason: Added comments about empty Return-Path header