In order to understand what backscatter is, you first need to understand email bounces - also called delivery status notifications (DSN) or non-delivery reports (NDR).
A bounced email is an email that was returned by the recipient's email server, with an error message indicating the reason the email was not delivered. For a more detailed explanation of email bounces, check out our article "Why is my Email Bouncing."
Now that you understand email bouncing, let’s look at an innocent example: say you send an email to an old friend, using her last known email address. The email address is no longer valid, however, or you spell it incorrectly. The email server that receives your message decides that the recipient is invalid (there isn’t any such user on this system, dude!), and returns your email with an error message.
But how did the server know the address (your email address) to send the error message to? It used the from or reply-to email address, at least one of which is included in all email messaging.
All makes sense, right? It works perfectly, until…
Someone decides to provide an email address that isn’t theirs as the from or reply-to email address. Then the recipient’s server is fooled into sending the error message to an address other than the sender’s. Why would anyone do this? Hmmm – think spammer. Spammers often use other people’s email addresses as the reply-to address, so that they don’t get all the bounces from wrong addresses and spam protection systems cluttering up their own server (nice folks, eh?).
These bounces are a problem if they are coming from external servers, since the external server won’t know if the reply-to address is a real user, or a forged user, or a non-existent user. Since every problem must have a special name, the term “backscatter” is used to describe bounced messages originating from external servers.
Backscatter is considered SPAM by most IT organizations, and as such, your server can become blacklisted if it bounces messages from non-local senders. Ironically, some spam filtering systems may generate backscatter, which can again lead to blacklisting (i.e. the spam filter is blacklisted for spamming)!