ESET Online Help

Search English
Select the topic

Backscatter protection

Spam backscatter is misdirected bounce messages sent by mail servers and an undesirable side effect of spam. When the recipient's mail server rejects a spam message, a Non-Delivery Report (NDR), also known as a bounce message, is sent to a supposed sender (an email address forged as a sender of the original spam message), not an actual sender of the spam. The email address owner receives an NDR message, even though the owner wasn't involved with the original spam message. This is where Backscatter protection comes in. You can prevent spam NDRs being delivered to users' mailboxes within your organization using ESET Mail Security Backscatter protection.

When you Enable NDR check, you must specify a Signature seed (a string of at least eight characters, something like a passphrase). ESET Mail Security Backscatter protection writes X-Eset-NDR: <hash> into the header of each outgoing email message. The <hash> is an encrypted signature that also contains Signature seed you have specified.

If a legitimate email message cannot be delivered, your mail server usually receives an NDR, which is checked by ESET Mail Security looking for the X-Eset-NDR: <hash> in the headers. If the X-Eset-NDR: is present and the signature <hash> matches, the NDR is delivered to the sender of the legitimate email message indicating the message delivery failed. If the Eset-NDR: is not present or signature <hash> is incorrect, it is identified as spam backscatter, and the NDR is rejected.

Automatically drop NDR messages if check fails

If your NDR check results in an immediate fail, an email message can be rejected before it is downloaded.

You can see Backscatter protection activity in the SMTP protection log.