Backscatter spam is also known as bounce back spam. It gets that name because someone has sent out spam emails with your email address forged as the sender. When a target of the spam does not exist, or its spam protection system rejects the spam email, the non-delivery report is sent to you, because your email address was in the sender field.
How can I check if my email address has been compromised or my email address was just forged?
To determine whether your server was actually sending out the spam, which would mean your email address has been compromised, analyze the headers of the spam email, which should be included in the non-delivery report. If your mail server's IP address does not appear in those headers as the source of the spam email, then your email address was just forged by someone else.
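The header check described above can be scripted. The following Python sketch is an added example, not part of the original article: it pulls the original message (or its headers) out of a non-delivery report and compares the IP addresses in its `Received:` headers with your own mail server networks. The function names, the sample report and all addresses in it are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed, abbreviated non-delivery report (NDR); all names and IPs are made up.
SAMPLE_NDR = """\
From: MAILER-DAEMON@mx.recipient.example
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND
Content-Type: message/rfc822

Received: from pc (unknown [198.51.100.77]) by mx.recipient.example; Mon, 1 Jan 2024 00:00:00 +0000
From: you@yourdomain.example

spam body
--BOUND--
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")  # bracketed IP literals

def relay_ips(ndr_text):
    """Return the IPs in the Received: headers of the message the NDR bounced."""
    ndr = email.message_from_string(ndr_text, policy=policy.default)
    for part in ndr.walk():
        if part.get_content_type() == "message/rfc822":         # full original attached
            original = part.get_payload(0)
        elif part.get_content_type() == "text/rfc822-headers":  # only headers attached
            original = email.message_from_string(part.get_content(), policy=policy.default)
        else:
            continue
        found = []
        for header in original.get_all("Received", []):
            for token in IP_RE.findall(str(header)):
                try:
                    found.append(ipaddress.ip_address(token))
                except ValueError:
                    pass  # bracketed text that is not an IP address
        return found
    return []

def classify(ndr_text, my_networks):
    """'sent-via-my-server', 'forged', or 'unknown' (NDR carries no original headers)."""
    nets = [ipaddress.ip_network(n) for n in my_networks]
    ips = relay_ips(ndr_text)
    if any(ip in net for ip in ips for net in nets):
        return "sent-via-my-server"
    return "forged" if ips else "unknown"
```

Call `classify(report_text, [...])` with the networks your outbound mail servers actually use. A `sent-via-my-server` result means the message passed through your server, so check its logs and account credentials next.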
Should I be worried?
Yes. When you are dealing with a huge number of non-delivery report emails, your email server may run out of space and waste precious bandwidth. Another side effect is that the original targets of the spammer may mark your email domain as a spammer domain. If you are blacklisted by one or more spam blacklists, you may find that you are unable to send out legitimate emails.
How can I protect myself from backscatter?
There are some steps you can take to mitigate backscatter spam. They may not work 100% of the time, but they should substantially reduce the amount of backscatter spam you receive.
- Create an SPF (Sender Policy Framework) entry in your DNS, which acts like a whitelist of the server IPs that are allowed to send email for your domain
- Create a DKIM (DomainKeys Identified Mail) entry in your DNS, which is a verification method to confirm that the email content is trustworthy and has not been tampered with since being sent out from the mail server
- Turn off the catch-all email address, as it accepts emails sent to any address in your domain, so you could face a deluge of spam from the bounced emails