Being listed by ips.backscatterer.org does not mean you or your customers are sending spam. It does indicate, however, that your server’s SMTP service may be misconfigured to bounce/forward mail. It may also mean that your server’s SMTP service is using potentially abusive techniques to discover information about those sending mail to your server.
Some SMTP services are configured to bounce mail back to forged From addresses or perform what are known as "call-outs" to other services based on forged information provided to your SMTP server during the connection from some third party. These "call-outs" are connections made by your server to other servers on the Internet.
Possible reasons for being listed by ips.backscatterer.org are below along with the reasons these are discouraged:
- Backscatter by Misdirected Bounces (Reference)
  - Spammers can leverage your SMTP service’s misconfiguration to bounce spam back to a forged From address. It will appear to come from your server and may result in other DNSBL/RBL blockages.
- Backscatter by Misdirected Autoresponders (Reference)
  - Spammers can leverage your SMTP service’s misconfiguration to auto-respond to spam back to a forged From address. It will appear to come from your server and may result in other DNSBL/RBL blockages.
- Backscatter by Sender Callouts to verify sender (Reference)
  - If enough illegitimate mail is sent to your server and other servers that have the same misconfiguration, it can effectively serve as a Distributed Denial of Service (DDoS) attack against a target.
The actual procedures to configure each of the following solutions will differ depending on which SMTP service you are using (e.g., exim, postfix, qmail, Microsoft SMTP) as well as which operating system your server is using. There may also be additional protections and methods available to you if server management software like cPanel or Plesk is being used.
An overview of recommendations for mitigating backscatter may include:
- Configure Apache SpamAssassin™ to not bounce spam by default.
- Enable Greylisting
- Sender Verification Callouts should be disabled
- Configure SPF verification
- Enable DKIM verification for incoming messages
- Enable rejection of DKIM failures
- Set the handling of non-existent email addresses (the default catch-all) to a “black hole”
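To check whether a server is emitting the misdirected bounces described above, before and after applying these changes, the mail log can be searched for null-sender (`from=<>`) messages handed to the outbound SMTP client. The script below is an added example, not part of the original article; it assumes Postfix syslog-format logs, and the log lines, host names and domains in it are constructed.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format (assumption: the MTA is Postfix).
SAMPLE_LOG = """\
Jan 10 03:12:01 mx1 postfix/qmgr[901]: 4A1B2C3D4E: from=<>, size=3120, nrcpt=1 (queue active)
Jan 10 03:12:02 mx1 postfix/smtp[955]: 4A1B2C3D4E: to=<alice@victim.example>, relay=mx.victim.example[203.0.113.9]:25, delay=1.2, status=sent (250 2.0.0 OK)
Jan 10 03:12:05 mx1 postfix/qmgr[901]: 5F6A7B8C9D: from=<>, size=2987, nrcpt=1 (queue active)
Jan 10 03:12:06 mx1 postfix/smtp[956]: 5F6A7B8C9D: to=<bob@victim.example>, relay=mx.victim.example[203.0.113.9]:25, delay=0.9, status=deferred (451 try later)
Jan 10 03:13:10 mx1 postfix/qmgr[901]: 6E0F1A2B3C: from=<user@hosted.example>, size=1500, nrcpt=1 (queue active)
Jan 10 03:13:11 mx1 postfix/smtp[957]: 6E0F1A2B3C: to=<carol@partner.example>, relay=mx.partner.example[198.51.100.7]:25, delay=0.5, status=sent (250 2.0.0 OK)
Jan 10 03:14:20 mx1 postfix/qmgr[901]: 7D4C5B6A79: from=<>, size=3301, nrcpt=1 (queue active)
Jan 10 03:14:21 mx1 postfix/smtp[958]: 7D4C5B6A79: to=<dave@other.example>, relay=mx.other.example[192.0.2.44]:25, delay=0.7, status=bounced (550 no such user)
Jan 10 03:27:06 mx1 postfix/smtp[960]: 5F6A7B8C9D: to=<bob@victim.example>, relay=mx.victim.example[203.0.113.9]:25, delay=901, status=sent (250 2.0.0 OK)
"""

# qmgr logs the envelope sender per queue ID; smtp logs each outbound delivery attempt.
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-Za-z]+): from=<([^>]*)>")
TO_RE = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-Za-z]+): to=<[^>@]+@([^>]+)>")

def outbound_bounces(log_text):
    """Count distinct null-sender messages sent to remote hosts, per recipient domain."""
    null_ids, seen, per_domain = set(), set(), Counter()
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            if m.group(2) == "":   # from=<> marks a bounce/DSN (and many autoresponses)
                null_ids.add(m.group(1))
            continue
        m = TO_RE.search(line)
        if m and m.group(1) in null_ids:
            key = (m.group(1), m.group(2).lower())
            if key not in seen:    # deferred retries log the same queue ID again
                seen.add(key)
                per_domain[key[1]] += 1
    return per_domain

def noisy_domains(per_domain, threshold=2):
    """Recipient domains that received at least `threshold` bounces (hypothetical cutoff)."""
    return sorted(d for d, n in per_domain.items() if n >= threshold)

if __name__ == "__main__":
    for domain, n in outbound_bounces(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {domain}")
```

A small number of outbound null-sender messages is normal; a steady stream to many unrelated domains is the pattern that indicates backscatter.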
If you have received a notice from the Abuse and Security Management department, please be sure to respond with any steps you plan to take going forward.
To contact technical support, please refer to Opening a Customer Service Ticket.