What is backscatter spam?

Problem Description

Type 1: SERVER BOUNCES: Backscatter is a type of spam that, in its simplest form, occurs when a spammer sends spam to a non-existent address knowing that the mail server will bounce the message. They forge the 'from' address or set the 'reply-to' address in the message to the intended target, such that the unwitting receiving mail server bounces to that address.

Type 2: FORM ABUSE: Another variant of backscatter occurs as form abuse. The spammer will trigger a form on your website that has the option to send a copy of the message to the sender. They will then include the message they want in the form and set the 'from' email address to the intended target, then let the web server do the sending for them.

Problem Resolution

Type 1: To prevent this, ensure your mail server is configured to *not* bounce messages to non-existent recipients. It should instead be configured to reject such messages. Our shared servers are configured this way by default to prevent backscatter.
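The difference between the two configurations, as an added example that is not part of the original article: a small Python model of one SMTP transaction that either rejects an unknown recipient during the session or accepts the message and bounces it afterwards. The mailbox table, addresses, reply texts and function names are constructed for illustration, and the forged address is modelled as the sender the message claims.

```python
from dataclasses import dataclass, field

# Constructed sample data: the mailboxes that really exist on this server.
LOCAL_MAILBOXES = {"info@example.com", "sales@example.com"}

@dataclass
class Outcome:
    replies: list = field(default_factory=list)   # SMTP replies given during the session
    outbound: list = field(default_factory=list)  # messages the server itself sends later

def handle_message(envelope_from, rcpt_to, reject_unknown):
    """Model one SMTP transaction with a single recipient.

    reject_unknown=True : check the recipient at RCPT TO and refuse with 550.
    reject_unknown=False: accept everything, then bounce what cannot be delivered.
    """
    out = Outcome()
    out.replies.append("250 2.1.0 Sender OK")
    exists = rcpt_to.lower() in LOCAL_MAILBOXES
    if reject_unknown and not exists:
        # Refused inside the session: the connecting client is told directly,
        # and nothing is ever sent to the (possibly forged) sender address.
        out.replies.append("550 5.1.1 Recipient address rejected: user unknown")
        return out
    out.replies.append("250 2.1.5 Recipient OK")
    out.replies.append("250 2.0.0 Message queued")
    if not exists:
        # Accepted but undeliverable: the server now has to generate a bounce,
        # and it goes to whatever sender address the message claimed.
        out.outbound.append({"from": "<>", "to": envelope_from,
                             "subject": "Undelivered Mail Returned to Sender"})
    return out

def backscatter_recipients(messages, reject_unknown):
    """Return every address that receives a bounce from this server."""
    hit = []
    for sender, rcpt in messages:
        hit += [m["to"] for m in handle_message(sender, rcpt, reject_unknown).outbound]
    return hit

# Constructed traffic: two messages with a forged sender to made-up mailboxes,
# and one ordinary message to a real mailbox.
SAMPLE = [("victim@example.net", "qwerty123@example.com"),
          ("victim@example.net", "no-such-user@example.com"),
          ("customer@example.org", "info@example.com")]

if __name__ == "__main__":
    print("bounce mode:", backscatter_recipients(SAMPLE, reject_unknown=False))
    print("reject mode:", backscatter_recipients(SAMPLE, reject_unknown=True))
```

In bounce mode the server itself mails the forged address once per undeliverable message; in reject mode it sends nothing, and legitimate mail to a real mailbox is accepted the same way in both.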

Type 2: The best way to prevent this from occurring on your website is to either:

1) Not offer an option on the site to send a copy of the message to the sender, or
2) Use a quality CAPTCHA system like Google's reCAPTCHA in your form. We like using WPForms or Contact Form 7, as both support reCAPTCHA integration.

