Backscatterer Network Spam List Is Another UCEPROTECT Extortion Scam!

A few months ago I wrote an article about the UCEProtect network spam list and how their practices are extortion. Read it here UCEPROTECT-Network Spam List, Is This Extortion?

Well today, we’ve ran across another problem with UCEProtect! While troubleshooting a clients bounced email message, I ran a test for blacklist listings using MXToolBox.

Everything came back clean, except for one, backscatterer.org. This is a new one to us, so we did a little investigation. Visiting their website was déjà vu, it reminded us of the UCEProtect website, and as it turns out, they’re one of the same. Visiting their contact page you will see “
BACKSCATTERER.ORG is run by the UCEPROTECT-Network”.

As it turns out Backscatterer is NOT a blacklist, It’s a Sender Callout Abuser list! Nobody should be blocking mail based solely on data from a backscatter list. The only thing any mail administrator should do with this list is to use it when determining whether to flag a message as possible spam.

Since our clients mail recipient is using Backscatterer as a blacklist, we need our IP address removed. To have our IP address removed they want us to pay 50.00 € Euro’s (EUR) to process our request and remove our IP. That’s almost $67 dollars! This is totally unacceptable, and just as illegal as UCEProtect! The only other way to have your IP address removed is to wait 4 weeks after the last abusive action.

When visiting their contact page you can see just how professional the company really is.

“There should be no need to contact us: We have heard all possible excuses why people think they can not stop their systems backscatter or doing sender callouts. If you have chosen to be a lazy or selfish netcitizen letting your system backscatter or doing sender callouts you perfectly match listingcriterias. Your recipients and we are tired of all the fake bounces, misdirected autoresponders and verify calls wasting our resources, and therfore you got blocked.”

OUR BLOCKLIST – OUR RULES. NO ONE GETS A FREE RIDE HERE.

We don’t make exceptions to our list, so it is futile and a waste of your time to contact us and ask for delisting.”

These statements make their company sound like a complete scam, how could a professional organization perpetuate such a business model? Why would any professional company associate themselves with Backscatterer?

If you are having mail delivery problems due to a backscatterer like us, you have our sympathy. We recommend not paying fees to anyone and addressing the matter with the mail administrators of the target mail server directly. We are sure they would be very interested to know that they are blocking legitimate mail based on a UCEPROTECT service.

AT JVF Consulting we recognize the effort of the list to inform mail server managers of any known RBL lists that contain their server names, but do not condone the use of it as a blacklist. Need help off their blacklist? Contact us.

  • Astin

    How on earth do these scammers even get business? Between their site design, their language, and their behaviour, I would swear that this bunch is a couple of tweeners hiding in their parents basement who just so happen to know how to steal. I have a client that can no longer send email to one of their crucial business partners. Was a virus involved? Nope. Bot? Nope. Worm? Nope. Mailer, Bomber, Spoof…? Nothing. Only this one silly “blacklisting.” So they have to wait four weeks in HOPES that they will be clear and can continue their business activity or else must pay money to these losers? On top of the fact that they already paid out to our IT firm to track down this issue.

  • Hel

    These guys are horrible. I have no idea how the rest of the world is still using their services thinking they’re a reputable, professional company. Recently, they’ve begun posting legal cease-and-desists they receive on their site to try to shame senders into stopping. Bunch of asshole German bullies. The page I’m discussing is here: http://www.uceprotect.org/cart00neys/index.html Read some of that language (really, guys, “lamers”? 1990 called and wants its 1337 Hax0r slang back…) They’ve recently blacklisted McAfee’s SPAM-filtering SaaS ENTIRE public IP block. Let’s see how that goes over…

  • Ralph Rogers

    Do not pay!

    They are German scammers working hand in hand with corrupt officials in Bavaria. In Germany, it is a criminal offense to block or interrupt someone’s email traffic.

    Everyone urge your own provider and the providers of your business contacts not to use their lists.

    Urge your national authorities (FBI et al) to act and this international scheme.

    More info here http://www.aaroncake.net/misc/showthought.asp?thought=57

  • TheTechGuy

    The staff at UCEProtect/Backscatterer have a disgusting attitude which only serves to undermine the legitimacy and professionalism of such an organization.

    Have a look at the link I’ve posted below and make your own mind up, but the replies from a “technical engineer” from UCEProtect are far from professional and scream “bullying kid from school”.

    https://groups.google.com/forum/?fromgroups#!msg/news.admin.net-abuse.email/LSLjP553tDA/Dm5Q-wMLnZ8J

    Their credibility is put to task with replies like that, only further serving to confirm that nobody in their right might should be using them to block email.

    If one of my employees was sending out emails like that, or re-posting it on a live forum, they’d be finding themselves a new job quick smart.

  • Kenwood

    Uceprotect could accomplish the same thing with their lists if the block lasted for only 24 hours since continued abuse would result in a continued block. This is extortion pure and simple.

  • We’ve been dealing w/ this for a year, and keep blowing them off, but more and more companies keep accepting them as a “legitimate” list when they’re nothing but extortionists, and hosting clients can get screwed.

  • Mike

    They are blacklisting whole ISPs and blackmail them. We are talking about full AS with thousands of IP addresses. Anyone who is consulting this scam service for anti-SPAM, should be notified and slapped if he ignores these facts. If a mailserver rejected your email because of this list, you should immediately inform the owner – server admin about this and urge him to change to a valid and legitimate anti-spam list, for example spamhaus. If there are antispam programs out there for email clients that also take advice on this list, their authors should also be notified.

  • Backscatterer use paypal to collect payments. Today they are demanding $110 from me for removal from their list.

    Paypal is their merchant for collecting payments.

    I have contacted Paypal for an explanation how a company which
    1. I have no relationship with can demand payment for a service which I have neither asked for or need
    2. Does not meet Paypal merchant requirements – for example contact details

    This is a scam and/or extortion. No company should associate their brand with it.

    I suggest everyone logs a complaint with Paypal and their local “Trading standards organisation”. The FBI in the US are usually interested in those using the internet for this type of activity. I suggest everyone reports the site to them also.

    Regards

    Rob Jones

  • My undeliverable email showed up in association with this server tool –

    http://www.linuxmagic.com/power_of_ip_reputation.html – under the name of “MagicMail,” which considers Backscatterer.org as a legit spam blacklist. If your host is using this on their server, there’s a good chance you won’t get all the emails you want to receive.

    I like Spam Assassin, but this MagicMail is too much, and those folks should be able to discern the reality of the threat caused by “backscatter.”

    Just say no to linuxmagic.com

  • Hi, I got so fed up of claus Von Wolfhausen and UCEPROTECT (Backscatter.org) that I decided to set up a website advising people on how to deal with the whole issue..
    It’s fairly comprehensive and goes into a lot of detail .. check it out if you are stuck on their list.. there are guides to preventing backscatter on your mail server..
    thanks. Patrick
    http://www.stop-backscatterer.com

  • Imiriz

    There many reasons why a server would accept a message and reject it later on.
    One obvious reason, is forwarding – a local user set his account to forward his mails to another, remote, email address.
    The user’s local mail system accept the mail and and tries to deliver it to the remote email address. The remote mailbox (mail system) responds with a transient (soft) error until the mail expires in the local queue and a bounce must be returned.

    This is just ONE example of a valid reason – there are plenty more.

  • Adam Reynolds

    These idiots who created this SCAM organization aka Backscatterer.org, email is far from perfect no matter who set it up.

    It will be a cold day in Hades before I would give them 1 penny, much less contribute money to criminals.

    False positives of 1 event is beyond utter madness, until they BAN all free email accounts, have a mandate RFC for 10+ character passwords utilizing numbers, symbols and letters. It will never stop, plus the fact these same people are probably running spam operations at shady hosting providers.

    ANYONE can spoof the from and/or make it say anything except for the raw source.

    People still do not have rDNS, SPF, domain keys and/or the other mechanisms so this is just extortion in the most hypocritical CRIMINAL ring on earth.

    ENFORCE the RFC standards today that would help out, and get rid of weak passwords, enforce limits on amount of emails sent in 24 hours, shutdown criminal hosting companies.

  • SysAdmin01

    Backscatterer.org is a SCAM do NOT pay them any money unless you enjoy being ripped off.

    No one uses them, who cares what they say.

    IGNORE them, they will soon fade away like other criminals.

  • mark gould

    hello all, i was just wondering how to setup the recipient filter on exchange 2007

  • As it turns out Backscatterer is NOT a blacklist, It’s a Sender Callout Abuser list! Nobody should be blocking mail based solely on data from a backscatter list. The only thing any mail administrator should do with this list is to use it when determining whether to flag a message as possible spam.
    I have to disagree with everything you said. Do a little more googling and you will find that their have been plenty of false positives on backscatter.org and that they block entire IP ranges which means that you have to pay to get delisted even if it was another server on your IP range that was the culprit.
    I agree with you.

  • I’m sorry Alan, I have to disagree with everything you said. Do a little more googling and you will find that their have been plenty of false positives on backscatter.org and that they block entire IP ranges which means that you have to pay to get delisted even if it was another server on your IP range that was the culprit. And they list you because of bounce backs which is just ordinary email traffic as far as many mail-hosts are concerned.

    Fair enough that if you get listed on an RBL you should look at why you are listed and if it is because of a bad configuration then fix it but it would be helpful if backscatter.org provided a detailed reason why you were listed in the first place instead of a list of possibles and the date and time of your smtp log entry (which might have rotated by then anyway).

    And wouldn’t it be nice if backscatter.org actually bothered to send the offending mailhost an email at the time of them being listed so they can minimise the issues caused by being listed a little earlier instead of getting notified by a customer who can’t send email to one of their contacts.

    As far as I am concerned Backscatter are being unreasonable with their charging policy with no warning and no actual detail as to why you got listed in the first place. They are just plain scammers!

    There are plenty of good and ethical RBLs that you could use like spamcop and spamhaus who use donations to pay for their efforts. I suggest that all proper mail-hosts boycott the thieves at backscatter.org and their parent company UCE protect before they do any more damage and cause any more loss of earnings by legitimate hosts like us.

  • The reason people end up on Backscatterer.org is because they are not Filtering Valid Recipients on their own server. If they were, then their server won’t be responsible for sending an NDR message back to the sender, the sender’s server is responsible.

    If the message is sent from a spammer and the spammer forges the From address and the receiving server accepts and then rejects the message, then the receiving server (that isn’t Validating Recipients) is the server responsible for sending an NDR message, and guess where that goes to – yep – the spoofed sender address.

    So in short – if you end up listed on Backscatterer.org – it is because you are not filtering valid recipients on your own server, or if you use a 3rd party to filter spam for you, they are not filtering valid recipients and your server is sending out NDR Spam back to innocent users who never emailed you in the first place.

    Don’t whinge about paying for de-listing and being de-listed in the first place – configure your server correctly to filter invalid recipients and the problem will go away.

  • pissed

    Google is complicit in this extortion because they apparently block servers listed by backscatterer.org We [and all of our customers] were blocked with no justification or recourse.

    Is this the NEW evil?

    Beyond pissed….

  • Carlie LaQuay

    So bottom line CAN MY MAIL SREVER BE REMOVED from their list?

  • David

    Have to agree – and their logic is not sensible either – If my mail server does not send and undeliverable reports, senders will not know they mis-typed and email address, or that a person has left.

    Given HOW you get listed on their blocklists, you could be listed because one person types in a honeypot address into a webform on your site and your email auto-responder sends a message to the address given – bingo – listed for at least 7 days.

    UCE Protect and Backscatter are just out to get as much money as they can. I’m surprised the German government is not investigating them.