Backscattering vs. Spoofing

Discussion in 'Mac Basics and Help' started by sandyvet, Dec 9, 2009.

  1. sandyvet macrumors newbie

    Dec 9, 2009
    I hope this is the right forum. Recently I received a bunch (4-6 over 2 days) of "returned" undeliverable e-mails from a variety of servers. They all contained the same vile e-mail that I did not send. I spoke to my ISP CSR; he did not know what the issue was. I spoke to a friend, who assured me it was backscattering and told me not to worry. I found this on the web:

    "If your inbox is full of those “Delivery Failure Notification” messages then you are likely seeing backscatter. Check the email headers and if the header nearest the bottom is not your server, then it is definitely backscatter."

    I checked the header, and this was the case. I e-mailed my ISP to advise them of this apparent backscattering, and this was their reply:

    "It is more likely that your email could be spoofed and a virus is sending out messages as originating from your email account. You may wish to run an antivirus scan at your earliest convenience. I recommend simply deleting the bounceback emails."

    My question is: Is my ISP simply wrong? Is there any chance my e-mail address could be blacklisted? I now have a MacBook pro and a router, and considering my ISP's track record, I find their answer lacking in credibility.

    Can anyone ease my anxiety? Thank you.
  2. Tumbleweed666 macrumors 68000


    Mar 20, 2009
    Near London, UK.
    I have not heard of the backscattering term, but I had, 2 or 3 years ago, a flood of Delivery Failure Notification messages over a few weeks, and my PC (I was on a PC then) definitely was not compromised.
    Somehow one of my email addresses had gotten out, and the explanation is very simple: my (and in this case, your) email address is being used as the "reply to" address by a spam network.
    So no, it's very unlikely your Mac has been compromised, especially if you haven't installed any applications from dubious sources. However, your email address, or one of them, has got into the wild, which is a PITA.
    I would recommend setting up an email rule that simply deletes them. In that respect your ISP is correct, and probably in a fairly high percentage of cases they are also correct that the PC (e.g. Windows PC) has been infected. But to repeat, very very unlikely with a Mac, especially if you haven't been installing cracked apps.
    EDIT: I should add that that email address of mine is now effectively useless. In the end, 99% of all emails to it were from spammers, and I now have a rule that deletes any arriving email with that address. You are unfortunately likely to find the same.
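
The header check quoted in the first post (is the Received header nearest the bottom of the returned message your own server?), as an added example that is not part of the original thread. All host names, addresses and the server name `smtp.myisp.example` are constructed placeholders, and since Received headers can be forged the result is a hint, not proof.

```python
import email
from email import policy

# Constructed sample bounce (trimmed); every host and address is a placeholder.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: me@myisp.example
Subject: Delivery Failure Notification
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Your message could not be delivered.
--b1
Content-Type: message/rfc822

Received: from mx2.recipient.example by mx.recipient.example; Wed, 9 Dec 2009 10:00:02 +0000
Received: from unknown-host.example ([192.0.2.55]) by mx2.recipient.example; Wed, 9 Dec 2009 10:00:01 +0000
From: me@myisp.example
To: nobody@recipient.example
Subject: (constructed)

body
--b1--
"""

def original_headers(bounce):
    """Return the bounced message (or just its headers) embedded in a bounce."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":     # only the headers attached
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify(raw, my_servers):
    """Apply the bottom-most Received header heuristic to one bounce."""
    bounce = email.message_from_string(raw, policy=policy.default)
    orig = original_headers(bounce)
    received = orig.get_all("Received", []) if orig is not None else []
    if not received:
        return "unknown"                       # nothing to judge from
    first_hop = str(received[-1]).lower()      # bottom header = first relay
    if any(s.lower() in first_hop for s in my_servers):
        return "passed-my-server"              # worth checking the account/machine
    return "backscatter"                       # entered the mail system elsewhere
```
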
