Why It Matters
Backscatter is more than annoying — it can damage your domain reputation. If your address shows up in thousands of bounced spam messages, ISPs may start associating your domain with spam activity. It's also a sign that your domain lacks DMARC enforcement, which means spammers are actively exploiting it for phishing or spam campaigns.
How It Works
A spammer sends millions of emails with your address in the "From" field. When those emails bounce (because the recipients don't exist, or the server rejects them), the bounce notices get sent to you — the apparent sender. Some mail servers are smart enough to suppress these, but many aren't, especially older systems.
The root cause is that SMTP doesn't inherently verify sender identity. That's exactly the gap that SPF, DKIM, and DMARC were designed to close.
Quick Tips
- Set your DMARC policy to p=reject. This tells receiving servers to drop emails that fail authentication, which stops most backscatter at the source.
- If you're already being backscattered, set up inbox filters to auto-archive bounce notifications with specific patterns (like "Delivery Status Notification" from unknown servers).
- Report sustained backscatter to your email provider — they may be able to help filter it at the server level.