Posted by: paragon | May 14, 2008

Increase in NDR (Bounce) Messages (Backscatter)

Increase in NDR (Bounce) Messages


Over the last several weeks there has been a major increase in the quantity of “backscatter” junk email – specifically, undeliverable email notices (also known as Non-Delivery Receipts).


This generally occurs when spammers ‘spoof’ a valid domain as the supposed ‘From’ address of the junk mail messages. When the junk mail messages are sent to non-existent email addresses, the receiving mail server sends a bounce message to the supposed sender of that junk mail, i.e. to the unsuspecting domain that was spoofed. Given the very high volume of junk mail that spammers send, the unfortunate spoofed domain can see a large number of these bounce messages.


Unfortunately, there is no way to prevent a spammer from spoofing any email address that they want to use. (Techniques such as DKIM authentication or SPF will help identify those messages as spam, but they do not prevent the spammer from sending those messages in the first place.) Similarly, there is no way to prevent mail servers that receive these junk messages from sending bounce messages to that spoofed domain.


These bounce messages can be difficult for a spam filter to block, as these bounces generally look very similar to ‘legitimate’ bounce messages that people receive if they mistakenly send an email to a nonexistent address. Sometimes there is enough left over ‘spammy’ content in the bounce messages that the messages can be identified as junk mail, but it generally does not make sense to block all bounce messages as an ongoing, long-term policy, due to the risk of blocking the occasional ‘legitimate’ bounce messages as well.


(TSB) has added a mechanism that allows us to temporarily block all bounce messages for a domain, so that if or when a domain has been spoofed, an administrator can simply change one setting in the web interface and all the bounce messages to that domain will be temporarily handled as junk mail. After a day or two (when the bounce messages subside), this setting can be disabled.


*** If you would like more information on how to protect scrub your email and add protection from Spam Mail before it reachs your computer, contact The Spam Busters a Service of ParagonHost, LLC (866) 412-HOST (4678)


ParagonHost, LLC

“World Class Internet Services”

(866) 412-HOST (4678)

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: