by bardan 2400 days ago
My mail server got blacklisted because of backscatter. That is where the sender sends spam to an address that doesn't exist on your server, but they also forge the "from" address, so the "this message could not be delivered" response, complete with the spam message, is sent "back" to the forged address (the spammer's real target).

It took several months or a large payment to the people maintaining the blacklist for my server to get unblocked (it wasn't critical so I didn't pay). Seemed like extortion to me, but Google and others respected this particular blacklist.

I'm not sure if this list still exists. It was on the blacklist checking websites at the time.


Which blacklist was it and how much did they charge? I have always wondered which are more mafia-esque and which less, as they all act so innocent but are also so adamant about hiding their pricing.
It was backscatterer.org. I seem to recall it was in the low hundreds, but it was quite a while ago now.
I'm guessing backscatterer.org

The fix is to configure your MTA so that it doesn't send backscatter.

It was backscatterer.org. I don't recall how simple the fix was, but I couldn't find much information on it at the time. The list appeared last in the blacklist tools so I figured it was a fairly new thing.
How can you know when you're about to send a bounce to a backscatter? I'd love to know this!
Sorry for the extremely late reply, but you can test using http://its-netzwerk.com/bscatter/

Alternatively, attempt to send a message to a nonexistent address on your MTA using telnet, which should throw an error after "RCPT TO" if the server is configured correctly. Steps to test SMTP via telnet: https://my.esecuredata.com/index.php?/knowledgebase/article/...
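The RCPT TO check described above, as an added example that is not part of the thread: a small simulated SMTP envelope exchange showing why rejecting an unknown mailbox with 550 at RCPT TO produces no backscatter, while accepting it (250) forces the server to bounce to a Return-Path the spammer forged. The mailbox list, transcript and `probe_rcpt` helper are constructed for illustration.

```python
import smtplib

VALID_MAILBOXES = {"alice@example.org", "bob@example.org"}  # constructed

# Constructed client transcript: forged envelope sender, one bad recipient.
TRANSCRIPT = [
    "HELO client.example.com",
    "MAIL FROM:<victim@example.net>",
    "RCPT TO:<nobody@example.org>",
    "RCPT TO:<alice@example.org>",
    "DATA",
]


def rcpt_response(address, valid_mailboxes, reject_unknown=True):
    """Reply to RCPT TO. A 550 here leaves the bounce to the sending side;
    a 250 for an unknown mailbox means we must generate a DSN ourselves."""
    if address in valid_mailboxes:
        return 250, "2.1.5 Ok"
    if reject_unknown:
        return 550, "5.1.1 No such user"
    return 250, "2.1.5 Ok"  # accept-then-bounce: the backscatter source


def run_session(commands, valid_mailboxes, reject_unknown=True):
    """Simulate the envelope phase and return (replies, bounces the server
    would later have to send as (return_path, undeliverable_recipient))."""
    replies, accepted, sender = [], [], None
    for line in commands:
        verb = line.split()[0].upper()
        addr = line.partition(":")[2].strip().strip("<>")
        if verb == "MAIL":
            sender = addr
            replies.append((250, "2.1.0 Ok"))
        elif verb == "RCPT":
            code, text = rcpt_response(addr, valid_mailboxes, reject_unknown)
            if code == 250:
                accepted.append(addr)
            replies.append((code, text))
        else:
            replies.append((250, "Ok"))
    # Everything accepted but undeliverable becomes a DSN to the forged sender.
    bounces = [(sender, a) for a in accepted if a not in valid_mailboxes]
    return replies, bounces


def probe_rcpt(host, probe_address, port=25):
    """Ask your own live MTA how it answers RCPT TO for a mailbox that does
    not exist: 5xx is what you want, 250 means it will bounce later."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo_or_helo_if_needed()
        s.mail("postmaster@example.org")  # placeholder envelope sender
        code, _ = s.rcpt(probe_address)
        s.rset()
        return code
```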

Thank you for your reply. From my understanding, what you suggest is that a backscatter uses a return path email that does not exist?

My understanding was that a backscatter uses an email that is not his, in order to deliver a message without sending it directly (and making the bounce server act like a spammer).

Am I missing something?

Here is a good blog post [1] that explains backscatter and some ways to help prevent it.

[1] https://willem.com/blog/2019-09-10_fighting-backscatter-spam...