SPAM and Backscatter
SPAM, Backscatter, multiple MailerDaemon messages
|NOTE: Backscatter may be an indication that an account has been compromised and is being used for spamming and other malicious purposes. It is advisable to change your password and check your email rules and email signature - spammers may change your email rules and signature to automatically respond with SPAM.|
The problem is quite complicated. We refer to it as "backscatter". This happens because your e-mail address has found its way onto a SPAM list OR if your email account has been compromised.
If you suspect that your email account has been compromised, it is advisable to change your password and check your email rules and email signature - spammers may change your email rules and signature to automatically respond with SPAM.
If your email account hasn't been compromised (i.e. you've changed your password and checked your email rules and signature), then it is possible that your email account was added to a spam list (it hasn't been compromised but the spammers are aware of your email address). A spam list is a long list of e-mail addresses that spammers use to send bulk e-mail. Unfortunately, there isn't much you can do to decrease the number of such messages. The best step to take is to delete them. We may be able to help you set up a rule that will automatically move mailerdaemon messages into a separate folder, outside your inbox. Note that not all mailerdaemon messages are bad, there may be legitimate ones. See below for an explanation of how these messages get generated, and why there may be legitimate ones.
Almost every e-mail system has a "robotic" mailerdaemon account that automatically responds when an e-mail address listed in a message is NOT found (there's no person behind the mailerdaemon account). This mailerdaemon account has valid uses. Take this for example: Joe sends a message to an e-mail list (that consists of firstname.lastname@example.org, email@example.com and firstname.lastname@example.org). The message arrives in our (middlebury) mail system, and our (middlebury) mailerdamon finds that email@example.com doesn't exist, so it goes ahead and e-mails the other people on the list (including the sender, Joe) that firstname.lastname@example.org doesn't exist in our e-mail system. The message from mailerdaemon can help the sender to figure out why email@example.com doesn't exist (maybe the sender made a typo, and the correct address is firstname.lastname@example.org). Having some indication that the message did not reach email@example.com, is better than having no response and thinking that the message got there successful. That's how the mailerdaemon messages get generated, and why these messages may have valid uses.
So imagine the spammer sending a bulk e-mail message to a long list of people on different e-mail systems. If some of those people on the list don't exist, the mailerdaemon of each e-mail system will respond back, saying so. And since there's no person behind this account, there's no way to control these responses.
- Reporting "casual" SPAM to the Helpdesk doesn't help much.
- Reporting backscatter to the Helpdesk, doesn't help much either, but if the volume of backscatter is high, the Helpdesk can at least help you manage it.
- Reporting phishing messages to the Helpdesk is VERY HELPFUL, as the Helpdesk can quickly block responses to the phisher's address. Simply forward the suspected phishing message to firstname.lastname@example.org.
- You can still report any sort of SPAM at http://www.spamcop.net/ -- other people and institutions can potentially benefit from this.