Although it has existed for quite a while, a recent example of “backscatter spam” is depicted below from earlier this month:
In the above example, notice that the quoted text –and the associated attachment — is a portion of the original spammed email message.
Backscatter is a term coined to refer to the intended effect of sending spam using forged sender addresses. Spammers who send email messages with different sender names in the From field are in fact counting on certain types of mail transfer agent (MTA) programs that return the entire text or message to the forged sender (as in Message Sending Failure messages or bounced email notifications) instead of truncating the messages. MTAs that are configured like this inadvertently cause a spam run, because they “send back” message to users who did not send these messages in the first place.
Similar to malware attacks that reuse old exploits, this recycled technique is just as effective as it was when it first appeared, as long as the conditions that allow it still persist. Mail server administrators should therefore be aware of this to avoid contributing additional volume to the already burgeoning problem of bulk mail.
Trend Micro spam filters are, of course, able to detect backscatter, and effectively deal with it.
