Skip to content

Backscatterer List


Status: Active
Terms: Free
Zones: 1

Background, working in cooperation with is different than most DNS based blacklists. does not maintain a list of IP addresses that have been seen spamming, sending email to honeypots, spamtraps, or any of the other general tactics uses by other DNS blacklists to determine if an email is spam. Instead, they concentrate exclusively on what is called backscatter and sender callouts.

Backscatter is a simple concept to understand, and important to understand, as in the case of, it will not be the spammers server that is blocked, but yours. Given a hypothetical scenario, if a spammer were to send 2 million emails to different recipients, some would deliver, and others would not. Not all spam lists have 100% deliverability, employees come and go, email addresses are retired etc. Of the emails that are unable to be delivered due to a “user not known” type of error, a non delivery response, or bounce, should be sent back to the sending server, or in this case, the spammer. However, misconfigured email servers, will instead send the bounce to the listed FROM: address within the headers of the email.

This means, that any email address used as the FROM: field, will receive the bulk of all bounced emails from the misconfigured server. In such cases, will block your server because it is your server that is hurting innocent servers that played no role in this process.

Sender callouts are an entirely different tactic. Most email servers support a command called VRFY. VRFY allows a remote sender to probe the recipient server, and ask if a user is known. This probe happens extremely quickly, and uses very little data and resources to check. Most email administrators have disabled this feature, as spammers have been using it to clean their lists of addresses, as well as perform fast dictionary attacks.

However, there is one more command, slightly higher up in the chain, that can also answer if a user is known or not, which is the RCPT command. considers you to be an abuser if you circumvent the disabling of VRFY, and go up the chain to RCPT to test for a valid user. If you enable sender callouts in your email server, you are trying to detect when a spammer is working his way up the chain of your server to verify a user, by making a connection back to the person making the original connection. The large problem with this technique is that the address you will be checking is almost always spoofed. If the address is spoofed, you will be probing, and in cases of high volume, essentially attacking, a completely innocent remote server. Spammers never use legitimate email addresses, they are always spoofed.

On the surface, to a new email server administrator, sender callouts seems like a good thing, and without spammers, sender callouts would be a valuable way to detect the legitimacy of a sender. Thought, as a result of the mere existence of spammers, using something like sender callouts is completely futile, and will only work toward implicating your server in some form of attack against an unknown third party. will list your server if you are known to employ sender callout practices. gathers most of it’s information from it’s partnership with the DNSBL project.

Listing criteria

Listing in comes down to two criteria. If your system is seen sending backscatter or sender callouts, you will be listed. This can be problematic for some email server administrators, as sender callouts are a common misconfiguration of some email servers. It also sounds like a good idea on the surface, to a new email administrator. As long as you read the documentation to your server, and do not allow backscatter or sender callouts, your system will not be listed.


The is different than other DNS based blacklists. To use, you are not looking for a normal DNS response of an IP address to a reverse IP address lookup. To use, you will need to determine specifically how to have your mail server look at each individual email, parsing specifically the MAIL FROM: header, looking for a value of “<>” or “postmaster”. If you detect those values, you should block or score against that sender.

It would be a bad idea to permanently block the sender, as backscatter can happen from large and well known free mail providers. One viable option is to reject the email, but not reject the host.

Removal Process

Removal from is extremely strict. Upon detection, your IP address will be listed for 4 weeks from the point of last seen abuse. If no further abuse is seen, your IP address will expire in exactly 4 weeks. If 4 weeks is too long for your organization to wait, there is a process called “expressdelisting”, which is explained when you lookup your IP within the IP lookup tools. Not all IP addresses are eligible for expressdelisting.

The simplest thing to do is to avoid becoming listed, which means contacting your email server vendor, or reading the documentation to be certain your server is configured correctly.

Related Articles

Related Articles

  • All
  • Easy Prey Podcast
  • General Topics
  • Home Computing
  • IP Addresses
  • Networking
  • Online Privacy
  • Online Safety

SIM Swapping. Scammers are taking over our smartphones…and text messages too!

Did you know that through a dirty trick called SIM swapping, a scammer could take over your…

[Read More]

About the Website Redesign

I hope you like the redesign and how we’ve improved the website for you. The IP…

[Read More]
Twitter Hack

Twitter Hack Lessons: Employees Often Help Hackers Succeed.

There was huge hack of Twitter in Summer of 2020. with all kinds of surprises. Here’s what…

[Read More]

A Free VPN is Always Better Than Not Using One

A free VPN (a trustworthy one) may be all that you need for more privacy, more security…

[Read More]

Tech Tips So You Can Be the Final Girl

Imagine you’re in your favorite slasher flick. You are on the run from Michael Myers or Jason….

[Read More]

How to Stay Entertained While Self-Isolating During the Coronavirus Crisis

So you’re self-isolating while trying to balance work, home, and in some cases school all under one…

[Read More]