Backscatter is killing us, how are you coping?
We use Message Labs for anti-spam prevention service. They are pretty good at stopping most of the spam, but not all.
For those of you who are not familiar, we point our MX records to Message Labs servers that they specify. Then Message Labs SMTP servers filter out spam and viruses using their own algorithms and forward on the good messages to our inbound SMTP gateway.
The problem is that Message Labs can’t block backscatter as they would block valid non delivery failures in the process.
How are you coping??
We are using iQ.Suite Wall for SPAM control and mainly use 2 jobs for preventing backscatter.
The first job creates a whitelist entry for every recipient on outgoing mail. The second checks if the intended recipient in an NDR is on our whitelist. If not, it is not a legitimate NDR and we just drop it.
We use MSGLABS for both inbound and outbound mail and we get an element of control by using a footer “disclaimer” set on each mail that leaves the company (the footer is set on the MSGLABS config). Basically this is a 16 digit hash, the same on all messages. When a message appears in mail.box we have a rule that checks (a) is this a bounce AND (b) does the BODY NOT contain the hash. If both of these are true then it is most probably backscatter and we MOVE TO DATABASE so we can keep a copy. This won't catch all backscatter but it will catch most.
The hard part is the (a) rule which we have on the contents of SUBJECT. We have isolated about 10 different formats for this message but most of them are language variants.
We use SpamSentinel.
No backscatter at all since the BS-function was available and activated.
http://www.maysoft.com/
@3 thanks for the mention. For a free version that just works on the backscatter problem, you can try the free SpamSentinel No Backscatter version to see if it helps:
http://www.maysoft.com/nobs
If you configure your inbound SMTP to use DSN (Delivery Status Notification), all NDRs (Non Delivery Reports) will have a form of “NonDelivery Report”, which is easier to use for a rule than variants of subjects.
Our company uses the service of a company called TTAsia, http://www.ttasia.com. The good thing I like is that they allow each user to control their own policy. Thus this makes it easy for us to manage users from various departments.
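An added example (not from any commenter or vendor in this thread) that combines two ideas above: recognise a bounce by its DSN MIME structure instead of subject wording, then look for the outbound footer hash in what the bounce returns. The token value, sample messages and function names are constructed assumptions.

```python
from email import message_from_bytes, policy

# Assumption: constructed stand-in for the 16-digit footer hash on outbound mail.
FOOTER_TOKEN = b"4096113370025519"

def is_dsn(msg):
    """True for the RFC 3464 report structure, independent of subject wording."""
    return (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "delivery-status")

def classify(raw):
    """Return not-a-dsn, legitimate-ndr, backscatter or unverifiable."""
    msg = message_from_bytes(raw, policy=policy.default)
    if not is_dsn(msg):
        return "not-a-dsn"
    full_message_returned = False
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            full_message_returned = True
        if part.is_multipart():
            continue  # containers carry no body of their own
        # decode=True undoes base64/quoted-printable before the search
        if FOOTER_TOKEN in (part.get_payload(decode=True) or b""):
            return "legitimate-ndr"
    # A headers-only DSN never contains the body footer, so its absence
    # proves nothing: hold such reports for review instead of dropping them.
    return "backscatter" if full_message_returned else "unverifiable"

def sample_dsn(returned):
    """Constructed DSN; `returned` is the third MIME part (the returned mail)."""
    return ("From: MAILER-DAEMON@mx.example.net\r\nTo: alice@example.com\r\n"
            "Subject: Undeliverable\r\nMIME-Version: 1.0\r\n"
            "Content-Type: multipart/report; report-type=delivery-status;"
            ' boundary="b1"\r\n\r\n'
            "--b1\r\nContent-Type: text/plain\r\n\r\nDelivery failed.\r\n"
            "--b1\r\nContent-Type: message/delivery-status\r\n\r\n"
            "Reporting-MTA: dns; mx.example.net\r\n\r\n"
            "Final-Recipient: rfc822; bob@example.org\r\n"
            "Action: failed\r\nStatus: 5.1.1\r\n\r\n"
            "--b1\r\n" + returned + "\r\n--b1--\r\n").encode()

# Constructed returned-mail parts: ours, forged sender, and headers only.
OURS = ("Content-Type: message/rfc822\r\n\r\nFrom: alice@example.com\r\n"
        "To: bob@example.org\r\n\r\nHi Bob.\r\nRef 4096113370025519\r\n")
FORGED = ("Content-Type: message/rfc822\r\n\r\nFrom: alice@example.com\r\n"
          "To: bob@example.org\r\n\r\nBuy now.\r\n")
HEADERS_ONLY = ("Content-Type: text/rfc822-headers\r\n\r\n"
                "From: alice@example.com\r\nTo: bob@example.org\r\n")
```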
Are MessageLabs using a Barracuda spam firewall? There are known configuration issues with these, that can be fixed.
Do a google search for “barracuda spam firewall backscatter”.
The Barracuda’s most recent firmware has config options to fix this problem.
Maybe you can work with your ISP or MessageLabs to get this fixed.
I’m not sure exactly what Messagelabs are using. I would guess that they have their own proprietary system.
Messagelabs is more of a service than a hardware appliance and they are definitely the best in the industry, so if this issue was preventable, I’m sure they would be on the bleeding edge.
We use Webroot Email Security, which filters out backscatter attacks. Just simply route all your email outbound through them; they do the rest.
Use Webroot Email Security to filter out BackScatter. All you need do is route all your outbound mail through them, they do the rest.