
I agree there may well be some challenges along the way but I'll do my best to prepare and prevent them. I'm always reading and learning more about the best measures to have in place for the server.

Thank you, hopefully I'll be able to stay sane!



My mail server got blacklisted because of backscatter. That is where the sender sends spam to an address that doesn't exist on your server, but they also forge the "from" address, so the "this message could not be delivered" response, complete with the spam message, is sent "back" to the forged address (the spammer's real target).

It took several months or a large payment to the people maintaining the blacklist for my server to get unblocked (it wasn't critical so I didn't pay). Seemed like extortion to me, but Google and others respected this particular blacklist.

I'm not sure if this list still exists. It was on the blacklist checking websites at the time.


Which blacklist was it and how much did they charge? I have always wondered which are more mafia-esque and which less, as they all act so innocent but are also so adamant about hiding their pricing.


It was backscatterer.org. I seem to recall it was in the low hundreds, but it was quite a while ago now.


I'm guessing backscatterer.org

The fix is to configure your MTA so that it doesn't send backscatter.


It was backscatterer.org. I don't recall how simple the fix was, but I couldn't find much information on it at the time. The list appeared last in the blacklist tools so I figured it was a fairly new thing.


How can you know when you're about to send a bounce to a backscatter? I'd love to know this!


Sorry for the extremely late reply, but you can test using http://its-netzwerk.com/bscatter/

Alternatively, attempt to send a message to a nonexistent address on your MTA using telnet, which should throw an error after "RCPT TO" if the server is configured correctly.

Steps to test SMTP via telnet: https://my.esecuredata.com/index.php?/knowledgebase/article/...
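
The RCPT TO check described in the comment above, scripted for use against your own MTA (an added example, not part of the thread). The function names, the `example.test` addresses and the `StubMTA` stand-in server are assumptions made so the block runs offline.

```python
import smtplib
import socketserver
import threading

def classify(code):
    """Map the RCPT TO reply code to what it means for backscatter."""
    if 500 <= code < 600:
        return "rejects-at-rcpt"   # sending MTA handles the failure, not you
    if 400 <= code < 500:
        return "inconclusive"      # greylisting or temporary failure
    return "accepts-unknown"       # a later bounce would be backscatter

def probe_rcpt(host, port, rcpt, helo="probe.example"):
    """Talk SMTP up to RCPT TO only; no DATA is sent, nothing is delivered."""
    with smtplib.SMTP(host, port, local_hostname=helo, timeout=10) as s:
        s.ehlo_or_helo_if_needed()
        s.mail("")                 # null sender <>, as a bounce would use
        code, _ = s.rcpt(rcpt)
        s.rset()
    return code, classify(code)

class StubMTA(socketserver.StreamRequestHandler):
    """Constructed stand-in server so the example runs offline."""
    def handle(self):
        self.wfile.write(b"220 stub ESMTP\r\n")
        for raw in self.rfile:
            cmd = raw.decode().strip().upper()
            if cmd.startswith("QUIT"):
                self.wfile.write(b"221 bye\r\n")
                return
            reply = b"250 ok\r\n"
            if cmd.startswith("RCPT TO:") and self.server.validate:
                addr = cmd[8:].strip("<> ").lower()
                if addr not in self.server.users:
                    reply = b"550 5.1.1 user unknown\r\n"
            self.wfile.write(reply)

def start_stub(validate, users=("alice@example.test",)):
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), StubMTA)
    srv.validate, srv.users, srv.daemon_threads = validate, set(users), True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":
    for validate in (True, False):
        srv = start_stub(validate)
        print(validate, probe_rcpt("127.0.0.1", srv.server_address[1],
                                   "no-such-user@example.test"))
        srv.shutdown()
```

To check a real server, call `probe_rcpt` with your own MTA's hostname, port 25 and an address you know does not exist there. A 250 answer alone does not prove backscatter, since a catch-all or silent discard also answers 250.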


Thank you for your reply. From my understanding, what you suggest is that a backscatter uses a return path email that does not exist?

My understanding was that a backscatter uses an email that is not his, in order to deliver a message without sending it directly (and making the bounce server act like a spammer).

Am I missing something?


Here is a good blog post [1] that explains backscatter and some ways to help prevent it.

[1] https://willem.com/blog/2019-09-10_fighting-backscatter-spam...


Thanks!


It really doesn't take much at all to get blacklisted by Gmail or others. Companies like MailChimp have agreements in place with Google.

Unfortunately, mail delivery is far, far harder than it should be.


> Unfortunately, mail delivery is far, far harder than it should be.

However, we still receive spam e-mails to our inboxes.


According to a friend at a large ISP who engineers their anti-SPAM, 93% of all email they receive is SPAM and dropped before routing to your junk folder. So for each 1 you receive, several dozen were sent to the bit bucket.


I work for a company that sells anti-spam and this is absolutely true. It is an unending battle between spammers and the people building the filters. We are also constantly getting RBL'ed by groups including Google and Symantec who know who we are as we have had business agreements with them in the past.


Anecdotal but I never receive spam in Gmail, neither in my GSuite inbox nor Gmail.


Also anecdotal, but I get maybe 1 spam/month in my GMail inbox and the same amount in my fastmail inbox.


But how many important real mails have you lost because you didn't check the spam folder?


I use SendGrid and STILL have to ask major companies to fix their spam filters.


I trust that you've planned for the inevitable demands from criminal investigators. And perhaps seizures.

Example: https://cock.li/transparency/


Hey mate, it looks polished. I hope it gets traction. As my way to help you, I'll feature it on SaaSHub (https://www.saashub.com). If you get it verified, I can promote it on the tribune as well.

Good luck!


Could you please stop posting links to your company? You've been overdoing it, which is why your comments are getting downvoted and flagged.


OK. You are right. I understand that I might have been overdoing it. Btw, it's just the easiest way to contact the OP. I will try using different channels.


Or maybe do not contact him at all. I am not sure he'd appreciate the spam.



