"Backscatter" is basically "bounce emails you receive for messages you never sent". These are usually bounced spam messages from spammers using your email address as a forged 'From' address. A more detailed explanation follows.

When email is delivered to a system, if there is a problem delivering the email (eg account doesn't exist, user over quota, etc) then most systems will generate a "bounce" email back to the sender to let them know there was a problem. The way to determine the original sender of the email and thus where to send the bounce is by using the 'From' address on the original email.

Unfortunately there is no way for systems to verify that a 'From' address is correct (there are attempts like SPF and DomainKeys, though these have flaws). When spammers send email, they almost always forge the 'From' address the email is sent from. This is why blocking specific sender addresses is ineffective, spammers usually forge every email to come from a different address.

If there is a problem delivering the email the spammer has sent, then a bounce will be sent back to the 'From' address on the email, which is whatever the spammer has made up. The problem occurs when spammers use YOUR email address as the 'From' address on emails. In these cases, you may get many bounce emails appearing in your inbox for emails you never sent!

This is called "backscatter", and is unfortunately a consequence of just how the internet email system was originally setup.

However, there are some things that can be done to try and reduce backscatter. When most systems bounce an email, they include all or part of the original email in the bounce. What we can do is check the original email as attached in the bounce, and see that it appears to have been sent through our server. If not, then we know it was an email sent by a spammer with a forged 'From' address.

When this happens, we mark the email as "backscatter", and perform whatever action is specified by this popup menu.

Unfortunately the backscatter filter isn't perfect. To work, the "bounce" email has to have part of the original message in it so we can check if you were actually the original sender. Quite a few systems don't include the original message in the "bounce" (the most common being challenge/response systems that are supposed to stop spam, and just end up adding to the problem for others). In these cases, we can't determine the true original sender of the email, and thus we can't mark the emails as backscatter.

Our testing suggests the backscatter filter is still very effective, catching around 90% to 95% of all unsolicited bounce emails. Unfortunately if for some reason a spammer is forging your address on their emails, then they can send millions of spam emails. Most systems will absorb, SMTP block, or discard the spam emails, but for those systems that do bounce them, if even 1000 of those generate backscatter bounces and 5% to 10% get through, that's still around 50 to 100 emails that get through, a lot better than 1000, but still annoying. Unfortunately there's not much we can do to improve that until more systems correctly attach the original email in the bounce message.

As part of the backscatter analysis process, we attach a header to the email when we think it might be backscatter. The header is X-Backscatter and can be one of the values: