
Backscatterer List


Status: Active
Terms: Free
Zones: 1

Background

The Backscatterer list, working in cooperation with a partner DNSBL project, is different than most DNS based blacklists. It does not maintain a list of IP addresses that have been seen spamming, sending email to honeypots or spamtraps, or using any of the other general tactics used by other DNS blacklists to determine if an email is spam. Instead, it concentrates exclusively on what is called backscatter and sender callouts.

Backscatter is a simple concept, and an important one to understand, because in the case of this list it will not be the spammer’s server that is blocked, but yours. In a hypothetical scenario, if a spammer were to send 2 million emails to different recipients, some would be delivered and others would not. Not all spam lists have 100% deliverability; employees come and go, email addresses are retired, etc. For the emails that cannot be delivered due to a “user not known” type of error, a non-delivery response, or bounce, should be sent back to the sending server, or in this case, the spammer. However, misconfigured email servers will instead send the bounce to the listed FROM: address within the headers of the email.

This means that any email address used in the FROM: field will receive the bulk of all bounced emails from the misconfigured server. In such cases, the list will block your server, because it is your server that is hurting innocent servers that played no role in this process.
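A way to check whether your own server is the one producing this backscatter, as an added example that is not part of the original article: it counts null-sender (bounce) messages your server delivered to addresses outside your own domains. The log lines are constructed in a Postfix-style layout, and `LOCAL_DOMAINS` and the function name are assumptions.

```python
import re
from collections import Counter

LOCAL_DOMAINS = {"corp.example"}  # assumption: the domains this server hosts

# Constructed sample in a Postfix-style layout (queue id, from=<...>, to=<...>).
SAMPLE_LOG = """\
Jan 10 03:14:01 mx postfix/qmgr[811]: 4F1A2: from=<>, size=3120, nrcpt=1 (queue active)
Jan 10 03:14:02 mx postfix/smtp[902]: 4F1A2: to=<victim@innocent.example>, relay=mx.innocent.example[198.51.100.20]:25, status=sent (250 ok)
Jan 10 03:14:05 mx postfix/qmgr[811]: 4F1B7: from=<>, size=3098, nrcpt=1 (queue active)
Jan 10 03:14:06 mx postfix/smtp[903]: 4F1B7: to=<victim@innocent.example>, relay=mx.innocent.example[198.51.100.20]:25, status=sent (250 ok)
Jan 10 03:15:10 mx postfix/qmgr[811]: 4F1C9: from=<alice@corp.example>, size=1500, nrcpt=1 (queue active)
Jan 10 03:15:11 mx postfix/smtp[904]: 4F1C9: to=<partner@other.example>, relay=mx.other.example[203.0.113.9]:25, status=sent (250 ok)
Jan 10 03:16:00 mx postfix/qmgr[811]: 4F1D3: from=<>, size=2900, nrcpt=1 (queue active)
Jan 10 03:16:01 mx postfix/local[905]: 4F1D3: to=<alice@corp.example>, relay=local, status=sent (delivered to mailbox)
"""

FROM_RE = re.compile(r" (\w+): from=<([^>]*)>")
TO_RE = re.compile(r" (\w+): to=<([^>]*)>.*status=sent")


def outbound_bounces(log_text, local_domains=LOCAL_DOMAINS):
    """Count null-sender messages delivered to addresses outside our domains."""
    null_sender_ids = set()
    targets = Counter()
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            if m.group(2) == "":  # from=<> marks a bounce / delivery report
                null_sender_ids.add(m.group(1))
            continue
        m = TO_RE.search(line)
        if m and m.group(1) in null_sender_ids:
            domain = m.group(2).rsplit("@", 1)[-1].lower()
            if domain not in local_domains:  # bounce left for a third party
                targets[m.group(2).lower()] += 1
    return targets


if __name__ == "__main__":
    for address, count in outbound_bounces(SAMPLE_LOG).most_common():
        print(f"{count:4d} bounce(s) sent to {address}")
```

A steady stream of bounces to outside addresses that never wrote to you suggests the server accepts mail for unknown users and bounces it afterwards, instead of refusing it during the SMTP session.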

Sender callouts are an entirely different tactic. Most email servers support a command called VRFY. VRFY allows a remote sender to probe the recipient server, and ask if a user is known. This probe happens extremely quickly, and uses very little data and resources to check. Most email administrators have disabled this feature, as spammers have been using it to clean their lists of addresses, as well as perform fast dictionary attacks.

However, there is one more command, slightly higher up in the chain, that can also answer whether a user is known or not, which is the RCPT command. The list considers you to be an abuser if you circumvent the disabling of VRFY, and go up the chain to RCPT to test for a valid user. If you enable sender callouts in your email server, you are trying to detect when a spammer is working his way up the chain of your server to verify a user, by making a connection back to the person making the original connection. The large problem with this technique is that the address you will be checking is almost always spoofed. If the address is spoofed, you will be probing, and in cases of high volume, essentially attacking, a completely innocent remote server. Spammers never use legitimate email addresses; they are always spoofed.

On the surface, to a new email server administrator, sender callouts seem like a good thing, and without spammers, sender callouts would be a valuable way to detect the legitimacy of a sender. Though, as a result of the mere existence of spammers, using something like sender callouts is completely futile, and will only work toward implicating your server in some form of attack against an unknown third party. Your server will be listed if you are known to employ sender callout practices. The list gathers most of its information from its partnership with the DNSBL project.

Listing criteria

Listing comes down to two criteria. If your system is seen sending backscatter or sender callouts, you will be listed. This can be problematic for some email server administrators, as sender callouts are a common misconfiguration of some email servers. It also sounds like a good idea on the surface to a new email administrator. As long as you read the documentation for your server, and do not allow backscatter or sender callouts, your system will not be listed.


The Backscatterer list is different than other DNS based blacklists. To use it, you are not looking for a normal DNS response of an IP address to a reverse IP address lookup. Instead, you will need to determine specifically how to have your mail server look at each individual email, parsing specifically the MAIL FROM: header, looking for a value of “<>” or “postmaster”. If you detect those values, you should block or score against that sender.

It would be a bad idea to permanently block the sender, as backscatter can happen from large and well known free mail providers. One viable option is to reject the email, but not reject the host.
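The per-message policy described above, as an added example that is not part of the original article: it reads the sender from the SMTP MAIL FROM command line, consults the list only for “<>” or postmaster senders, and only ever rejects the single message. The `is_listed` callable is a hypothetical stand-in for however your server queries the list, and the addresses are constructed.

```python
import re

# MAIL FROM:<reverse-path> optionally followed by ESMTP parameters (SIZE=...).
_MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)


def reverse_path(command_line):
    """Return the sender inside the angle brackets, or None if malformed."""
    m = _MAIL_FROM.match(command_line.strip())
    return m.group(1) if m else None


def is_bounce_sender(path):
    """True for the null sender "<>" or any postmaster address."""
    if path == "":
        return True
    local_part = path.rsplit("@", 1)[0]
    return local_part.lower() == "postmaster"


def decide(client_ip, command_line, is_listed):
    """Per-message decision; there is deliberately no host-level block.

    is_listed: hypothetical callable (ip -> bool) for the list lookup.
    """
    path = reverse_path(command_line)
    if path is None:
        return "syntax-error"
    if not is_bounce_sender(path):
        return "accept"          # ordinary mail: the list is not consulted
    if is_listed(client_ip):
        return "reject-message"  # refuse this bounce only, not the host
    return "accept"              # bounce from a host that is not listed


if __name__ == "__main__":
    listed = {"192.0.2.10"}      # constructed: pretend this host is listed
    for ip, line in [
        ("192.0.2.10", "MAIL FROM:<>"),
        ("192.0.2.10", "MAIL FROM:<alice@example.org> SIZE=2048"),
        ("198.51.100.7", "mail from:<Postmaster@example.net>"),
    ]:
        print(ip, line, "->", decide(ip, line, listed.__contains__))
```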

Removal Process

Removal from the list is extremely strict. Upon detection, your IP address will be listed for 4 weeks from the point of last seen abuse. If no further abuse is seen, your IP address will expire in exactly 4 weeks. If 4 weeks is too long for your organization to wait, there is a process called “expressdelisting”, which is explained when you look up your IP within the IP lookup tools. Not all IP addresses are eligible for expressdelisting.

The simplest thing to do is to avoid becoming listed, which means contacting your email server vendor, or reading the documentation to be certain your server is configured correctly.
