Channel: TechNet Blogs

Office 365 NDR Backscatter protection - aka Boomerang


There's a new kid in town...

In March 2015 we started rolling out Boomerang, a new feature that protects customers from backscatter email.

Backscatter spam occurs when a spammer spoofs your email address and sends a message to a random person on the Internet. The random person’s mail server accepts the email message and then later discovers it can’t deliver it. There are a few reasons why this occurs:

The random person’s mailbox is full

The random person’s mail server rejects spam

The random person’s email address does not exist

When that happens, the random person’s mail server sends a bounce message (non-delivery receipt, or NDR) back to the sender saying “Sorry, I could not deliver this message.” However, instead of sending it back to the spammer who sent the message, the mail server sends it back to you.

You then receive this NDR in your mailbox indicating that the message “you” sent could not be delivered. But rather than being informed “your” message bounced, you say “Why am I getting bounces for a message I never sent?” Oftentimes, these bounces contain spam.

Exchange Online Protection is improving its backscatter spam detection with Boomerang, a technique that originated in outlook.com and uses cryptography to check whether the message behind an NDR really originated within the service or is spam. If the NDR is valid, it is delivered to your inbox. If it is backscatter, it is marked as spam.

The trick comes into play in the following scenarios:
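The stamp-and-verify idea described above, as an added sketch that is not Microsoft's code: the page does not give Boomerang's real token format, so the header name `X-Demo-Boomerang`, the HMAC-SHA256 construction, the secret key and the 7-day validity window are all assumptions, and the sample headers are constructed.

```python
import hashlib
import hmac
from email import message_from_string

SECRET = b"constructed-demo-key"  # assumption: key known only to the sending service
TAG_HEADER = "X-Demo-Boomerang"   # hypothetical header name, not the real one
MAX_AGE = 7 * 24 * 3600           # assumption: bounces arrive within 7 days

def _mac(sender, msg_id, ts):
    data = f"{sender.strip().lower()}|{msg_id.strip()}|{ts}".encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()

def stamp_outbound(headers, now):
    """Outbound path: append a keyed tag binding sender, Message-ID and time."""
    msg = message_from_string(headers)
    tag = f"{now}.{_mac(msg['From'], msg['Message-ID'], now)}"
    return f"{headers.rstrip()}\n{TAG_HEADER}: {tag}\n"

def classify_ndr(returned_headers, now):
    """Inbound path: judge an NDR by the original headers it carries back."""
    orig = message_from_string(returned_headers)
    ts_text, _, mac = (orig.get(TAG_HEADER) or "").strip().partition(".")
    if not ts_text.isdecimal() or not 0 <= now - int(ts_text) <= MAX_AGE:
        return "spam"  # no tag, malformed tag, or outside the validity window
    expected = _mac(orig.get("From", ""), orig.get("Message-ID", ""), int(ts_text))
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return "deliver" if ok else "spam"

# Constructed sample headers, not real traffic.
SENT = ("From: alice@contoso.example\nTo: bob@fabrikam.example\n"
        "Message-ID: <demo-1@contoso.example>\nSubject: Q3 report\n")
SPOOFED = ("From: alice@contoso.example\nTo: carol@fabrikam.example\n"
           "Message-ID: <junk-9@bulk.example>\nSubject: Cheap pills\n")

def demo(now=1_700_000_000):
    stamped = stamp_outbound(SENT, now)
    tag_line = stamped.splitlines()[-1] + "\n"
    later = now + 3600
    return {
        "genuine": classify_ndr(stamped, later),
        "spoofed": classify_ndr(SPOOFED, later),           # spammer's message, no tag
        "unrouted": classify_ndr(SENT, later),             # real mail sent outside the service
        "replayed": classify_ndr(SPOOFED + tag_line, later),  # valid tag on another message
        "expired": classify_ndr(stamped, now + MAX_AGE + 1),
    }

if __name__ == "__main__":
    print(demo())
```

The `unrouted` case shows why a genuine message that never passed through the stamping service produces an NDR the verifier cannot tell apart from backscatter.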

1. For customers that do NOT route their outbound email through EOP, all NDRs will be marked as spam, since the cryptographic hash will not be encoded in the original message. To fix this, the NDR option in the Advanced Options (under content filter policy) has to be turned OFF.

2. For Hybrid customers, the system will check where the mailbox is located. In both scenarios (hosted mailboxes and on-premises mailboxes) legitimate NDRs will be delivered and backscatter marked as spam. However, if the NDR option is not enabled, the message will go through the anti-spam filtering service and you might get some false negatives.

3. For customers that send messages from third-party marketing email providers, the issue is the same as in the first case, since the original email was not stamped by the service.

Even for these cases, you can put some workarounds in place. One example is creating an ETR (Exchange transport rule) that delivers all NDRs to a specific mailbox.

Hope it helps you!

Resources:

http://roadmap.office.com/en-us

http://blogs.msdn.com/b/tzink/archive/2014/11/22/improving-backscatter-detection-with-boomerang.aspx

 

 

