Spam Experts Help

How can I Protect Against Bounce Spam?

What Causes Bounce Spam?

Bounce spam happens when a spammer tries to deliver a spam message with your email address in the From field to an unknown address. The mail server accepts the message for delivery but then finds out that the recipient does not exist and sends a bounce email to your email address because it wrongly believes you are the originating sender. Because these bounces do not come from spamming servers, but from legitimate servers, they are very hard to block by any spam filters.

This can be an annoying problem if your mail servers are not properly set up. The SMTP protocol is a very simple protocol that was defined in 1982. Spam was not yet a problem and to keep things as simple as possible, no security measures were implemented in the protocol itself. One result of this is that there is no verification that the "From:" address in an email message actually belongs to the sender.

To try to avoid spamfilters, spammers typically use random email addresses as fake senders. This way they can avoid any simple spamfilter that blacklists based on the sender email address. It is important however that the email address they use as a sender does exist, since spamfilters can apply a "sender verification check" to ensure that the sending address itself exists.

Spam Experts applies advanced methods to identify and block "bounce-spam".

Properly set up mail servers will not cause bounce spam and directly reject the message with a 5xx error code when the spammer tries to deliver it. Unfortunately there are many legitimate mail servers that are incorrectly set up.

Catchall Domains

If you have configured your email system to accept all email sent to any address @example.com, this is called a "catchall domain". The main advantage for you is that you won't have to create a separate mailbox for each address that should work.

Be Advised: The problem however is that if spammers detect that your mail server claims to accept email for any address, they can easily generate random email address and end with @example.com (your domain name) to generate millions of different "valid" email addresses! It's therefore highly recommended to disable the email catchall to avoid spammers from abusing your domain and also generate fake senders for their spam messages.

SPF / DKIM

By setting a Sender Policy Framework (SPF) record for your domain, you reduce the attraction for spammers to use your domain for sending out email. Also signing your emails with a DKIM certificate should further reduce the attractiveness to spoof your domain name for outgoing spam.

BATV Signing

A special "trick" to avoid bounce spam is to sign every outgoing email with a special Bounce Address Tag Validation (BATV). This adds a cryptographic token to the address used for receiving any bounce, which means that it's possible to know for sure whether a bounce is in response to a message that you sent.

To effectively use BATV, you need to be using both the Incoming and Outgoing email filtering, and you must send all your outgoing mail using the outgoing filter. When you send messages, the bounce address is signed, and when you receive bounces, any message that does not have a correct signature is rejected.

If you enforce BATV for incoming messages, and you are not using the outgoing filter to sign your bounce address, then all incoming bounces will be rejected, including legitimate ones. If you enable BATV for outgoing messages, and you are not using the incoming filter to enforce BATV, then you will gain no advantage, and may have trouble receiving legitimate bounces at the destination server that handles your incoming mail.