I’ve previously written on how to stop email backscatter. In case you missed that post, email backscatter is when your server bounces and email to an unknown user. Since the reply-to fields can be spoofed, this allows spammers to bounce emails off of your server, thus getting their spam delivered. Instead of sending these non-delivery reports (NDRs), you can set your server to reject email to unknown user. While this may sound similar, rejects send a 500 series email error to the senders server. Rejects do not send emails. As a result, the backscatter problem is stopped.
Email Forwards Cause Backscatter
Recently, I investigated a server that had become listed in backscatter.orgs RBL. This way surprising since every domain on the server was set to reject email to unknown users. I also verified that emails to users at the servers hostname, eg. firstname.lastname@example.org, also did not bounce. So I was surprised to see the IP in backscatter.org’s RBL, and since they fail to provide any evidence for why the IP was listed, I had to dig further.
Digging into emails sent to the postmaster, I found something curious. Someone had emailed an account which was being forwarded to another account. However, this other account was no longer valid. As a result, the forwarded email was bouncing.
Since recipient checks do not pass through to forwarded emails, this opened the door for backscatter. This account had a high volume of spam which is likely what got it nailed in backscatter.org.
Unfortunately, I don’t see an easy way to resolve this other than remove the forward. The plesk server would have to do a sender verify call-out to prevent this from happening and sender call-outs are often just as bad as backscatter.
So if you find you’ve been nailed for backscatter and cannot find the cause. You may want to look at forwards. I’ve not tested it but I suspect this behavior is consistent on other email platforms.
On plesk, I recommend creating a site or domain alias that matches the hostname of the server. You can then create a root email account with abuse, postmaster and other aliases. Collecting these emails can be useful for diagnostic purposes.