May 23, 2016
Backscatter Email Spam

Spammers have added tools to their bag of tricks to bypass those pesky spam filters.

Backscatter is a relatively new type of spam in which the spammer uses a “fake” sender address that is actually a known-to-be-good email address. The email “bounces” off the recipient’s server because of its content, subject, or an enclosed virus, and the bounce is then sent back to the supposed original sender: you!

Our typical virus/worm/spam prevention techniques prevent a large number of direct attacks. These bounce-back spam messages get through because each one is a valid email from a mail system.

The catch is that you never sent it. This does not mean your account or credentials have been hacked or compromised in any way. It simply means that the spammer used a web crawler to find, or purchased, a list of email addresses to use in their attacks, and yours was among them.

This works similarly to sending a letter. You can choose to put whatever you like as a return address (or even leave it blank!) and the post office has no way to verify who actually sent it. If the mail gets rejected, it’s simply returned to whoever they assume the sender is.
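One way to triage a bounce for mail you never sent, as an added example that is not from the original post: it parses a standard delivery-status bounce and checks the returned Message-ID against the IDs in your own outbound mail log. The sample message, the `sent_ids` set and the function names are constructed for illustration.

```python
import email

# Constructed sample bounce (RFC 3464 DSN); all addresses and IDs are made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: you@example.com
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Your message could not be delivered.
--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; someone@example.org
Action: failed
Status: 5.7.1
--b1
Content-Type: text/rfc822-headers

From: you@example.com
Message-ID: <forged-123@mailer.invalid>
--b1--
"""

def returned_message_id(bounce):
    """Message-ID of the message the bounce claims you sent, or None."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":            # full original attached
            original = part.get_payload(0)
        elif ctype == "text/rfc822-headers":     # only its headers attached
            original = email.message_from_bytes(part.get_payload(decode=True))
        else:
            continue
        mid = original["Message-ID"]
        return mid.strip() if mid else None
    return None

def classify_bounce(raw, sent_ids):
    """sent_ids: Message-IDs from your own outbound log (assumed to exist)."""
    bounce = email.message_from_string(raw)
    if bounce.get_content_type() != "multipart/report":
        return "not-a-dsn"
    mid = returned_message_id(bounce)
    if mid is None:
        return "unknown"        # no original headers returned; cannot decide
    return "genuine" if mid in sent_ids else "backscatter"
```

Bounces that do not follow the delivery-status format come back as `not-a-dsn` and need manual review.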

Typically these are very short-lived attacks. The sender’s IP will be checked against global spam blacklists and DNS-based lists. Once listed in this manner, most corporate mail servers and larger hosting services (Gmail, Yahoo, etc.) will reject all traffic from the spammer.

There are no good ways to combat this at this time. The only effective way would be to stop sending notifications when an email doesn’t get delivered. We all want to know when an email we send doesn’t get delivered, so turning off the “bounce-back” isn’t something anyone wants to do.