Backscatter protection

Spam backscatter are misdirected bounce messages sent by mail servers. Backscatter is undesirable side effect of spam. When a spam message is rejected by recipient's mail server, a Non-Delivery Report (NDR), also known as bounce message, is sent to a supposed sender (an email address which was forged as a sender of the original spam message), not an actual sender of the spam. A user, who owns the email address, receives NDR message, even though the user wasn't involved with the original spam message at all. This is when Backscatter protection comes in. You can prevent spam NDR's being delivered to users' mailboxes within your organization using ESET Mail Security Backscatter protection.

When you Enable NDR check, you must specify Signature seed (a string of at least 8 characters, something like a passphrase). ESET Mail Security Backscatter protection writes X-Eset-NDR: <hash> into the header of each outgoing email message. The <hash> is an encrypted signature that also contains Signature seed you have specified.

If legitimate email message could not be delivered, your mail server usually receives NDR, which is checked by ESET Mail Security looking for the X-Eset-NDR: <hash> in the headers. If the X-Eset-NDR: is present and the signature <hash> matches, the NDR is delivered to the sender of the legitimate email message indicating the message delivery failed. If the Eset-NDR: is not present or signature <hash> is incorrect, it proves to be a spam Backscatter and the NDR is rejected.

Automatically drop NDR messages if check fails

If your NDR check results in an immediate fail, an email message can be rejected before it is downloaded.

You can see Backscatter protection activity in the SMTP protection log.