Spammers commonly forge the headers of messages they send, making it appear as though they originated elsewhere. Spammers harvest vast numbers of email addresses, or even guess common email addresses, and then put these addresses in the "To:" and the "From:" fields of the millions of email messages they send out. Some of the messages they send will end up bouncing, and when they do, they bounce to the forged address in the "From:" field, which may be yours.
Users need to know if their legitimate messages are bouncing, and the Office 365 system can't distinguish legitimate bounces from illegitimate bounces.
'Backscatter' is the name given to messages generated when a spammer uses your mail address in the 'From:' line of their messages. If the spammer's message can't be delivered for any reason, the receiving host will send back a bounce or non-delivery report to the address in the 'From:' line.
Backscatter messages take several forms:
If a spammer sends a large number of messages, you may receive literally hundreds or thousands of 'backscatter' messages.
In most cases your email address has been spoofed by a spammer, and there is no risk to your account or your computer. However, in some cases your email account credentials or your computer has been compromised by a spammer. We recommend that you log into Office 365 web client and forward as an attachment one of these bounce messages to firstname.lastname@example.org. The DoIT Help Desk will be able to determine if you will need to reset your email password or scan your computer for infection.
If the message is being sent to an alternate address (on your account), including departmental addresses, that you no longer use, you have the ability to remove/delete this address.
There are a few ways to deal with this problem: