
Email Bounces, Joe Job attacks and Backscatter

"Joe Job" attacks and "Backscatter" are terms describing bounced email messages.
The terms Joe Job and Backscatter are roughly synonymous.

Neither of these types of bounce backs will cause your domain name to be "blacklisted," since the email is not being sent through your email account. 

The Joe Job is a malicious abuse of email service, described best here:

Backscatter can be a side effect of spammers trying to make their emails look like they come from real people. It also covers legitimate bounces, like those you receive when sending to an over-quota email account or a mistyped email address.

Some web sites would have you believe that "backscatter" is a misconfiguration or problem that the Web Host can easily fix. This is entirely untrue. Yes, a Web Host can improve their email service such that bounces sent out to the greater Internet are reduced. However, this does not solve the inbound email issue described here.

Likewise, some anti-spam folks say, "well, just deny all bounces." This is not a very practical approach, since you would then not receive a variety of required types of messages, like over-quota bounce backs, email confirmation requests (e.g., replies from Spamarrest, etc.), and legitimate email address typo bounces.

So, where does most spam come from?
Dictionary harvesting is the most common form of spam delivery.
Automated scripts (aka webbots) generate thousands of permutations of the first part of the address (the part before the @ sign) and send to them, against random domains or a specific server's list of domains.

Hacking a server is not required in order to do this. The persons or scripts involved are simply sending thousands of email messages to random addresses at random domain names, in hopes of hitting valid email addresses in the process.

Address book culling viruses (like the "I Love You" virus of 2000) scan the address books and bookmarks of infected computers. They then use the infected "zombie computer" to send spam to and from those addresses indiscriminately until the infected computer is turned off or disinfected.

So what can we do to reduce the receipt of junk email?

1. Use less obvious email addresses to protect against "dictionary harvest attacks." This will reduce the likelihood that spammers will forge your email address and send junk email to you. For example, addresses made of a first initial and last name, like "jsmith@", are less spammable than "joey@" or "sales@".
A little secret: The reason people report receiving fewer spam messages on services like Yahoo and Hotmail is largely due to the randomness of the addresses they force on their customers, and less so on the quality of their email filters.

2. Remove all text email addresses listed on web sites.
Junk email list distributors commonly gather email addresses by scanning web sites using automated webbots or robots.

3. Limit the use of autoresponders.
Autoresponders are particularly tasty working addresses for spammers. Autoresponders make it very easy for a would-be spammer to send spam using your email account. This is the one case where you may be held responsible for the junk email sent through your account, and this could result in your server becoming blacklisted.

4. Turn off or disable your default or catchall email address.
A catchall email setting allows delivery of every randomly addressed email message.

What can I do about this?

Quarantine solutions like SpamAssassin or our Spam Protector service are far more effective at reducing Joe Job style attacks and backscatter than email without these filters.

If you have an account using the cPanel control panel, you may use the "Mail > Email Filtering" option to set up your own personal email firewall to discard incoming bounces with common header or body text, like "User unknown," "Delivery Status Notification" or "Delivery to the following recipient failed permanently."
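The following is an added example, not part of the original article or any cPanel feature. It goes one step beyond plain phrase matching: it flags bounces using the phrases above, then checks whether the bounce quotes a message this mailbox actually sent, so real bounces survive. The `sent_ids` store, the labels and the sample message are assumptions made for illustration.

```python
import email
from email import policy

# Phrases the article lists as common in bounce headers or body text.
BOUNCE_PHRASES = ("user unknown", "delivery status notification",
                  "delivery to the following recipient failed permanently")

def is_bounce(msg):
    """True for an RFC 3464 delivery report or a message carrying a listed phrase."""
    if (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "delivery-status"):
        return True
    text = str(msg.get("Subject", "")).lower()
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        text += "\n" + body.get_content().lower()
    return any(phrase in text for phrase in BOUNCE_PHRASES)

def original_message_id(msg):
    """Message-ID of the returned original, or None when the bounce omits it."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return str(part.get_payload(0).get("Message-ID", "")).strip() or None
        if ctype == "text/rfc822-headers":
            inner = email.message_from_string(part.get_content(), policy=policy.default)
            return str(inner.get("Message-ID", "")).strip() or None
    return None

def classify(raw, sent_ids):
    """sent_ids (assumed): Message-IDs recorded when this mailbox sent mail."""
    msg = email.message_from_string(raw, policy=policy.default)
    if not is_bounce(msg):
        return "deliver"
    if original_message_id(msg) in sent_ids:
        return "legitimate-bounce"
    return "suspected-backscatter"  # e.g. route to the junk folder

def sample_dsn(message_id):
    """Constructed sample: a minimal delivery report quoting the original headers."""
    return ("From: MAILER-DAEMON@mx.example.net\n"
            "Subject: Delivery Status Notification (Failure)\n"
            'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n\n'
            "--b1\nContent-Type: text/plain\n\nUser unknown\n"
            "--b1\nContent-Type: message/delivery-status\n\n"
            "Reporting-MTA: dns; mx.example.net\n\nAction: failed\nStatus: 5.1.1\n"
            "--b1\nContent-Type: text/rfc822-headers\n\n"
            f"Message-ID: {message_id}\nFrom: jsmith@example.com\n"
            "--b1--\n")
```

A bounce that quotes no original headers at all is also labelled `suspected-backscatter`, since it cannot be tied to mail you sent.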

Email software filters/rules may likewise be helpful in discarding bounces or redirecting them directly to the trash. In Microsoft Outlook:

See "Junk Email Rules" to direct these types of messages to the Junk Email folder or Deleted folder.

To block email from non-US domains, like .ru, you may use "Actions > Junk E-Mail > Junk E-Mail Option."


Properties ID: 000121   Views: 2274   Updated: 13 years ago