What is blowback/backscatter? (Information Technology, Tech Made Simple)

Paul M. Foster (07 October 2011 11:35:38, revised)

I'd like to answer the question, "What is backscatter?" or "What is blowback?" in the context of email. This post is accompanied by a YouTube video, just to make it easier for those who learn visually.

Here's the situation: You've received an official-looking email from somewhere which says that an email you sent can't be delivered to the person you sent it to. Except you never sent any email to this person.

Now, let me first explain that this used to be a common occurrence. You send an email to a friend, misspell their email address, and one of two things would happen. The first thing that might happen was that, as soon as you tried to send the email, you'd get a window or something which would pop up and tell you that you got the email address wrong, no such person here, etc. The second thing that might happen is that your email would appear to go through, but then a short time later, you'd get a formal-looking but confusing email which would explain, in technical terms, that there was no such person at destination and you made a mistake. (Remember, you misspelled their email address, right?)

You'll rarely have either of these things happen today. But it just so happens that you've got one of these emails in front of you, about an address you didn't send an email to.

(Don't feel bad if it's hard to figure out what this email is actually saying. It was formulated by a programmer somewhere who assumes you know more than you do about this stuff.)

What you have in front of you is a case of "backscatter" or "blowback". Now let me explain what's happened.

First, let's assume there is a spammer somewhere on the internet. His email is bill@spamcorp.com. He's being paid to send a bunch of spam out to various places. He's got 10,000 email addresses he wants to send his spam to. But he's got a problem: he doesn't want to use his own email address as the sender of these emails, for obvious reasons. So what does he do? Well, he just happens to know your email address. Where'd he get that? Who knows, but he has it. So he decides to make it look like you sent all the spam email he's about to send. He does this just by putting your email address on as the sender. If you're a spammer, you know how to do things like that. So he pushes the button and there goes all the spam.

In a little bit, you get your "official" email, saying the email address you sent an email to doesn't exist. What happened? It turns out that our spammer has sent at least one of his spam emails to an email address that didn't exist. Let's say that the bad email address he tried to send an email to was ezekial@yahoo.com. Here's why you got this notice.

When his internet mail server connected to Yahoo's mail server to send the mail, Yahoo's mail server just accepted the email and the address. It didn't check it right at that moment.

Now let me digress for a moment and explain how this process was supposed to operate back in the good old days before there was so much spam on the internet. Back then, the spammer's mail server at spamcorp.com would initiate a connection to Yahoo's mail server. They would exchange pleasantries, like you might if you called a friend. Then spamcorp.com's mail server would tell Yahoo's server that it wanted to deliver an email to ezekial@yahoo.com. Before going any further, Yahoo's mail server would check to see if there was such an email address at Yahoo. If there wasn't, Yahoo's mail server would say something like, "Nope, I don't have anyone by that email address here. So I'm not going to accept that message." And that would be the end of it. No delivery for that email address. This is the way the conversation between email servers was originally designed to work.

Things don't work this way any more. Why? First, places like Yahoo have literally millions of email addresses on their servers. Checking through all their addresses for a particular one every time Yahoo's mail servers talk to another mail server would just be too much. It would slow the whole process of transporting, sending and accepting emails w-a-a-y down. But the second reason for not doing it this way any more is this: If Yahoo says to the other mail server, "Nope, that isn't a valid email address", it tells potential spammers that an email address is not valid. The spammers will then drop it from their lists. So this is actually a help to spammers. The theory is that, if you just let spammers send this stuff out to a bunch of bogus, expired addresses, it wastes a bunch of the spammers' resources. Eventually, their lists contain tons of crappy, bad addresses. And the people that pay them to send out spam get less and less value for their money.

So generally these days, mail servers on the internet are configured to simply accept any email address (on their servers) and act like everything's okay. Eventually, spammers have a bunch of bad email addresses because people moved on or changed internet service providers or whatever. And the people who pay spammers maybe become a little less willing to pay them so much, knowing that a bunch of their email addresses are bad.

Now, if you're an astute observer, you might be asking what Yahoo (or whoever) does with these emails they've accepted to bad addresses? Good question. Generally, industry standard practice at this point is to simply drop them. That is, simply erase them from memory and go about your business. This is the simplest way to handle things. Unfortunately, not everyone got that memo, and some mail servers will, when they discover an attempt to deliver an email to a bad email address, craft a message explaining how there was an attempt to deliver an email to a bad email address. Question is, who do they deliver this "rejection message" to?

You. And that's why you have this message in front of you. You see, in the inbound email to Yahoo, your spammer put you down as the sender. So, if Yahoo is one of those places that never got the memo about just dropping messages to bad email addresses, they'll send the rejection back to you. This rejection message is actually called a "bounce", but in the broader context of email on the internet, it's an example of "blowback" or "backscatter".

Let's summarize. Our spammer, bill@spamcorp.com, wants to send 10,000 spam emails out to his list of email recipients. He puts your email address down as the sender of some or all of these emails. One of the addresses is a bad one: ezekial@yahoo.com. But it turns out yahoo.com's email server is badly configured. When it gets the email that's supposed to go to ezekial@yahoo.com, it realizes that's a bad address. So it sends a "bounce" message back to the person it thinks is the sender: you. And voila, you're a victim of "backscatter" or "blowback".

So what are you supposed to do with this thing? If it's to an address you never actually sent an email to, then do what Yahoo should have done with it in the first place: drop it. Drop it in your trash can on your computer, erase it, whatever. You don't need it or want it.
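To make the two server behaviours above concrete (refusing the bad address during the conversation versus accepting it and bouncing later) and the "did I ever write to that address?" rule for deciding what to do with a bounce, here is an added example that is not part of the original post. It is a toy simulation in Python, not real mail-server code; the mailbox list, the you@example.com address, the sent-address log and the transcripts are all constructed.

```python
# Constructed directory of mailboxes that really exist at the receiving site.
VALID_MAILBOXES = {"alice@yahoo.com", "bob@yahoo.com"}


def smtp_session(policy, mail_from, rcpt_to, body, bounces):
    """Run one sender-to-receiver SMTP exchange and return the transcript.

    policy "reject_at_rcpt" is the classic design (refuse an unknown user at
    RCPT TO, before any message data); "accept_then_bounce" accepts everything,
    finds the bad address later and mails a bounce to whatever MAIL FROM
    claimed, appending it to `bounces`.
    """
    transcript = ["S: 220 mail.yahoo.com ESMTP",
                  "C: EHLO mail.spamcorp.com",
                  "S: 250 mail.yahoo.com",
                  f"C: MAIL FROM:<{mail_from}>",
                  "S: 250 OK",
                  f"C: RCPT TO:<{rcpt_to}>"]
    unknown = rcpt_to not in VALID_MAILBOXES
    if unknown and policy == "reject_at_rcpt":
        # Refused in-session: only the sending server ever hears about it.
        transcript += ["S: 550 5.1.1 No such user here", "C: QUIT", "S: 221 Bye"]
        return transcript
    transcript += ["S: 250 OK", "C: DATA",
                   "S: 354 End data with <CR><LF>.<CR><LF>",
                   f"C: {body}", "C: .", "S: 250 OK queued", "C: QUIT", "S: 221 Bye"]
    if unknown:
        # Accepted, then found undeliverable: the bounce goes to the forged sender.
        bounces.append({"to": mail_from, "from": "MAILER-DAEMON@yahoo.com",
                        "original_rcpt": rcpt_to})
    return transcript


def is_backscatter(bounce, sent_log):
    """The post's rule: a bounce about an address you never wrote to is backscatter."""
    return bounce["original_rcpt"] not in sent_log


def demo():
    """Spammer forges you@example.com as sender; one target address does not exist."""
    you, bad, spam = "you@example.com", "ezekial@yahoo.com", "Subject: Buy now"
    bounces = []
    classic = smtp_session("reject_at_rcpt", you, bad, spam, bounces)
    modern = smtp_session("accept_then_bounce", you, bad, spam, bounces)
    sent_log = {"alice@yahoo.com"}  # addresses you genuinely mailed (constructed)
    return classic, modern, bounces, [is_backscatter(b, sent_log) for b in bounces]
```

Running demo() shows that the classic policy produces no bounce at all, while the accept-then-bounce policy produces one addressed to the forged sender, which the sent-address check flags as backscatter to be dropped.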

Now hopefully you know what to do next time you get one of these. Hopefully, you won't worry about it or what it means. You'll just throw it away and go on with the rest of your email reading.

(Bear in mind here, that I'm making no statement about Yahoo either way. I'm only using them as a well-known company which accepts email for many people.)