A user is receiving non delivery receipt (NDR) notifications, Out of Office replies or challenge responses for emails they did not send.
Symantec Email Security.Cloud
Backscatter is the flood of messages received when an email address is forged as the sender on spam messages. The drawback of this is that the innocent party whose email address was forged will then receive bounce notifications, out of office replies, challenge response messages and more. While unwanted, backscatter messages are coming from legitimate sources and are not deemed as SPAM (Unsolicited Bulk Email).
If you are receiving unwanted bounce mails, you can stop them by some simple filtering either on your mail server or in your end users' mail clients. The exact method of doing this will vary from server to server and client to client. We mark mails that appear to be bounces or NDRs with a special rule, ML_IS_POSSIBLE_BOUNCE. This rule, along with other rules that the message matches, will be in the X-SpamReason header of the message. Therefore, your filter should look for ML_IS_POSSIBLE_BOUNCE anywhere in the message's X-SpamReason header.
If you decide to implement this type of filtering, there are two issues you should be aware of:
1) There is no standardized format for bounce mails. The ML_IS_POSSIBLE_BOUNCE rule is quite comprehensive, but we cannot guarantee that it will identify all bounce mails.
2) This rule does not discriminate between bounces caused by spammers spoofing your addresses in their From headers and legitimate bounce mails. A legitimate bounce mail might be where one of your users has mistyped the email address of a business message, and the destination mail server then rejecting the message. If bounce mails are blocked, users may get no warning of this.
These two issues should be carefully considered before you start filtering.
If your situation prohibits you from utilizing the method describe above, please contact our support team for further assistance.