Skip to main content

Why are Hornetsecurity IP addresses listed at Backscatterer?

  • Updated

1- What are backscatters?
Backscatter emails are automatic responses via email (such as non-delivery reports, delivery confirmations and out-of-office notes), or so-called bounce messages. If the sender of the original email is faked, it can happen that said emails are delivered to innocent third parties.

2- What is the backscatterer.org deny list?
Backscatterer.org is a list that captures IPs that send the above mentioned email types with the goal of reducing backscatter spam. This is first a respectable goal, which could reduce the global spammail volume.

3- Why are Hornetsecurity IP addresses listed by backscatterer.org?
First we distinguish between incoming and outgoing channel.

 

Incoming:

Hornetsecurity takes all possible and necessary measures to identify incoming backscatter spam and to prevent it from spreading through various mechanisms. Incoming backscatter emails are effectively detected and rejected by the MTA before they are accepted within the SMTP channel. The following NDR is not generated by Hornetsecurity and therefore cannot enrich backscatter further.

Furthermore, Hornetsecurity uses a specially developed bounce management, which distinguishes real from fake bounce messages, to provide the highest possible quality of incoming messages for service users.

Outgoing:

Let's take as an example an out-of-office notification that is triggered after a regular email to a service user is received. It is considered a "hit" for a recipient who uses the RBL Backscatterer as blacklist. The same applies to the other email types mentioned above.


4- Does Hornetsecurity request the removal of the own IP addresses from the blacklist of backscatterer.org?

As your external email security provider we are obliged, even commissioned by you, to deliver the above mentioned outgoing email types to the sender. Therefore, Hornetsecurity does not consider these emails as spam.

The removal at the blacklist backscatterer.org can only be done for a fee, no matter if the sender actually disturbs the mail operation. Hornetsecurity considers the blacklist-operator Backscatterer as dubious, as long as he also enriches himself with legitimate bounce messages and demands a fee for the activation.



5- What can a service user of Hornetsecurity do, if emails are rejected due to the blacklist of backscatterer.org?

Whoever uses this blacklist to block, without softening the consequences of the compelling "false positives" through a whitelist, accepts intentionally or negligently that even legitimate emails will not reach him. The external communication partner should not use the blacklist of backscatterer.org as the only classification criterion.

Our recommendation is not to use SMTP rejects for backscatterer hits, but to process them as softfail: e.g. quarantine, tagging or drop. But not to use a reject or bounce. This often prevents legitimate business transactions, which are extremely frustrating for end users.

The configuration of a mail server is always a matter for the operator. We recommend our service users to contact the communication partner in order to perhaps achieve a configuration adjustment in a dialog.

Related articles

Articles in this section
See more