Backscatter Blacklist Removal & Fix
Question asked by Bob Bell - 12/30/2019 at 4:08 PM
Using SmarterMail Enterprise Version - 16.3.6897 - How do I fix the problem that gets me blacklisted on Backscatter.org?

If I understand correctly, when someone sends an email to a user that does not exist, SmarterMail will send an auto-reply stating that we could not deliver your message - the user doesn't exist.

How can I stop those (legitimate) emails from being sent?

In my opinion, that's a stupid blacklist. Those are legitimate emails. 

Here's what really irks me. How does Backscatter even know about the auto-replies? THEY MUST BE SENDING THE SPAM to invalid users, right? It's a setup. I was framed!

In any event, what setting in SmarterMail 16.3.6897 do I change to keep me off the blacklist? And where is it located in the Admin...

Thank you kindly!
Web Engineer

3 Replies

Kyle Kerst Replied
Employee Post
Hi Bob! I think all you need to do is head over to Settings > Antispam and configure the Content Filter Bouncing drop-down menu to reflect Require message pass SPF. That should help prevent blacklisting due to bounces.
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
Douglas Foster Replied
Given the previous post on this issue, I suspect the real issue is that the backscatter service is generating false positives.   It would help if we had details about which backscatter RBL is causing the trouble.

An additional configuration point is this setting:

Site Administrator... Antispam... Options:  
  • Autoresponders = Disabled, 
  • Content Blocking Bounces = Disabled.
I am moving to a three-stage configuration:   inbound gateway -> mail server -> outbound gateway.  I think it has significant theoretical advantages, because the requirements for anti-spam are very different in each of those stages.   
  • Stage 1 is focused on detecting and blocking incoming garbage.  Message deletion is primary.   
  • Stage 2 is focused on identifying infected source systems or compromised user accounts.   Auditing and alarming to contain outbreaks is primary.
  • Stage 3 has the same issues as stage 2, plus data loss prevention.  DLP and encryption are primary.  
Given the different requirements, it is entirely likely that different tools will be needed at each stage.

If you have this 3-stage architecture, you simply use your firewall to disable outbound SMTP from Stage 1 and Stage 2 servers.   Traffic that can be rejected at Stage 1 will cause an NDR from the submitting server.   Traffic that is rejected after that point might generate an NDR, but the firewall will block the traffic.  The NDR will be discarded after sufficient time has elapsed.  Autoresponders will still be an issue.

Of course, if you are actually generating backscatter, it suggests that your spam filtering is inadequate or misconfigured, because detected spam should be discarded silently.   So you need to investigate the adequacy of your Stage 1 filters.

For Stage 1, I am stunned by the capabilities of Declude.  Sadly, I am only now deploying it, after 15 years using expensive products with less capability.   I plan to post a description of my implementation approach after I have sufficient results.
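
An added example (not part of the original posts, and not SmarterMail code) comparing the dispositions discussed in this thread for mail addressed to a nonexistent user: accept then bounce, bounce only when SPF passes, and reject during the SMTP session. The traffic, addresses, and policy names are constructed for illustration.

```python
# Added example: constructed traffic, hypothetical names; not SmarterMail code.
from collections import Counter

LOCAL_USERS = {"bob@example.org"}  # constructed local mailbox list

# Constructed inbound messages. "forged" is ground truth known only to the
# simulation; a real server sees only the envelope and the SPF result.
TRAFFIC = [
    {"mail_from": "alice@partner.test", "rcpt": "bob@example.org", "spf": "pass", "forged": False},
    {"mail_from": "alice@partner.test", "rcpt": "bobb@example.org", "spf": "pass", "forged": False},
    {"mail_from": "victim@innocent.test", "rcpt": "sales1@example.org", "spf": "fail", "forged": True},
    {"mail_from": "victim@innocent.test", "rcpt": "info77@example.org", "spf": "none", "forged": True},
    {"mail_from": "", "rcpt": "nobody@example.org", "spf": "none", "forged": False},
]

def handle(msg, policy):
    """Return (smtp_reply, ndr_recipient_or_None) for one inbound message."""
    if msg["rcpt"] in LOCAL_USERS:
        return "250 OK", None
    if policy == "reject_in_session":
        # Refuse at RCPT TO: we never own the message, so we never send an NDR.
        return "550 No such user", None
    # Below: the message was accepted first, the unknown recipient found later.
    if not msg["mail_from"]:
        return "250 OK", None  # null reverse-path: never bounce a bounce
    if policy == "bounce_if_spf_pass" and msg["spf"] != "pass":
        return "250 OK", None  # discard silently instead of bouncing
    return "250 OK", msg["mail_from"]  # NDR goes to the envelope sender

def summarize(policy):
    """Count NDRs we emit, split by whether they hit a forged sender."""
    tally = Counter()
    for msg in TRAFFIC:
        _, ndr_to = handle(msg, policy)
        if ndr_to:
            tally["backscatter" if msg["forged"] else "legitimate_ndr"] += 1
    return dict(tally)

if __name__ == "__main__":
    for policy in ("accept_then_bounce", "bounce_if_spf_pass", "reject_in_session"):
        print(policy, summarize(policy))
```

With in-session rejection the mistyped `bobb@example.org` sender still learns of the failure, because the submitting server generates the NDR from the 550 reply.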

Bob Bell Replied
Great, thanks. I will try that and see if it keeps me off the blacklist. I had it set to require SPF if SPF was found. I changed it to always use SPF.
Web Engineer http://www.fullblownwebdesign.com
