The problem of backscatter, part 18 - Wrapping it up

Backscatter spam is annoying. It's tough to filter because its contents can fool both content filters and end users.

Indeed, if your content filter could recognize an NDR and ignore the parts that typically occur in NDRs, you could then filter the rest of the message normally and make the spam/not-spam classification that way.
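
One way to implement the idea above, as an added example rather than code from this series: recognize an RFC 3464 delivery status notification with Python's standard `email` package and hand only the returned original message to the content filter. The sample bounce is constructed, and `returned_original` and `content_for_filter` are hypothetical helper names.

```python
from email import message_from_string, policy
# Constructed sample: an RFC 3464 bounce returning a message the "sender" never sent.
SAMPLE_DSN = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

This is the mail system. Your message could not be delivered.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1
--b1
Content-Type: message/rfc822

From: victim@example.com
Subject: Cheap pills online

Buy now at http://spam.example/
--b1--
"""

def returned_original(msg):
    """Return the original message (or its headers) carried in a DSN, else None."""
    kind = (msg.get_content_type(), msg.get_param("report-type", "").lower())
    if kind != ("multipart/report", "delivery-status"):
        return None
    for part in msg.iter_parts():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()  # the embedded message object
        if part.get_content_type() == "text/rfc822-headers":  # headers-only return
            return message_from_string(part.get_content(), policy=policy.default)
    return None

def content_for_filter(raw):
    """Return (is_bounce, subject, body) of the part the content filter should score."""
    msg = message_from_string(raw, policy=policy.default)
    original = returned_original(msg)
    scored = msg if original is None else original  # ordinary mail scores as itself
    body = scored.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body is not None else ""
    return original is not None, str(scored["Subject"] or ""), text
```

Bounces that do not follow RFC 3464, such as free-form text notices, are not recognized by this sketch and are scored as ordinary mail.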

When it comes to NDRs and Delivery Status Notifications, probably the key thing to remember is to treat them as a subclass of actual email. They are not marketing, not business mail, and not personal communication; they are simply notifications that mail you sent did not get delivered the way you expected.

We've seen a number of ways to filter the mail, some better than others. Ultimately, it comes down to treating bounce messages differently from regular inbound mail and making decisions based on that special categorization. The rules of normal inbound filtering are modified because that is simply a better way to evaluate bounces.