User Tools

Site Tools


how_to:backscatter

Backscatter

In email, “backscatter” is the term used if you send bounce messages back to spam messages. As most spam messages use forged email addresses, then the bounce messages will go to an innocent person, who will find them very annoying.

Stopping VPOP3 from sending Backscatter

If you receive email using an incoming SMTP feed or individual POP3 mailboxes at your ISP, VPOP3 should not generate any backscatter.

The main cause of Backscatter with VPOP3 is using a catch-all POP3 mailbox. If this is the case for you, go to Mail Connectors → Mail Collectors → (name) in the VPOP3 settings, and go to the Routing Errors tab. Now, turn off Send a bounce message to the sender.

Note that if you do this, then any legitimate senders who incorrectly an address an email to you will not receive notification of this. If you have a POP3 catch-all account, then the choice is between not sending these notifications or generating lots of backscatter.

The best solution, if you have a static IP address with an 'always on' connection, is to change to having an SMTP feed for your incoming mail.

Reducing the reception of Backscatter

Unfortunately there is no way of stopping receiving backscatter totally. If a spammer decides to forge your email address when sending their spam, you will receive some backscatter.

Two ways of stopping backscatter which are supported by VPOP3 are:

  • BATV (Bounce Address Tag Verification)
  • SPF (Sender Policy Framework)

BATV

BATV is enabled on the Settings → Misc SettingsBATV tab.

To enable BATV, simple check the Enable BATV box, and put some 'secret' text in the BATV Secret box.

It doesn't matter what the secret text is. BATV works by modifying the outgoing 'bounce address' (or Return Path) using a mechanism based on the BATV Secret. If a bounce message arrives back at VPOP3, it checks that the address the bounce message is sent to was generated using the same secret. If so, it is allowed in, otherwise the bounce message is rejected.

You can only use BATV if you can receive emails to ANY address at your domain. The bounce addresses generated by the BATV mechanism will not be the same as your normal addresses, so if you can only accept mail to certain addresses, bounce messages will not be delivered to you.

SPF

SPF is not enabled in VPOP3 at all. To enable SPF you need to create a DNS record for your domain at your domain hosting company.

SPF is a way of telling other mail servers which IP addresses are allowed to send mail from your domain. Then these other servers can choose not to send bounce messages back in response to messages which didn't come from allowed servers.

The best place to go for SPF information is http://www.openspf.org/

how_to/backscatter.txt · Last modified: 2018/11/14 10:45 by 127.0.0.1