7020932: Getting Flooded by Mailer-Daemon and Postmaster addressed email (BACKSCATTER)

This document (7020932) is provided subject to the disclaimer at the end of this document.

Environment

GWAVA 4, 5, & 6

Situation

Email system is flooded with Mailer-Daemon and Postmaster email

Resolution

These emails are most likely caused by “Backscatter”. This is a common term used to describe undeliverable messages generated by an SMTP server. It is important to understand that these emails are not typically spam. Rather they are legitimately created email messages generated by a compliant SMTP server. The most likely cause is a spammer originated the message, sent it to an open relay or SMTP appliance of some sort, and faked the reply address using a dictionary attack or some other means. When the SMTP relay/appliance attempted deliver to the correct address and was rejected, the only address it could go on to send an undeliverable message to was the reply address. Meaning that the mailer-daemon message created by the SMTP server is sent to you, an unsuspecting email address, rather than the real originator.

For more information about backscatter and ways to avoid it, try the following link or search “backscatter” on your internet search engine.

http://www.spamresource.com/2007/02/backscatter-what-is-it-how-do-i-stop-it.html

Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 228

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

Leave a Reply