The following is a diagram I drew that summarizes how BATV is supposed to work to prevent backscatter.
Note the sequence of steps:
- Bender sends a message and hands it off through the outbound server.
- The outbound server signs his SMTP MAIL FROM.
- The recipient email server, mail.planet.express.ca, sees that the person it is delivering to does not exist.
- It accepts... and then bounces the message back with a null sender and puts the original, signed MAIL FROM into the RCPT TO.
- Upon hitting the inbound mail server, we see that futura.ama.org is one of our outbound customers, the message is a bounce, and the signature on the RCPT TO checks out, so we accept the message.
- Meanwhile, evil spammer Nudar sends a message to mail.planet.express.info forging Bender's name.
- Mail.planet.express.info accepts the message, discovers that it can't deliver it and then bounces it back to Bender.
- Upon hitting Bender's inbound email server, it sees that Bender is an outbound customer and the message is an NDR. However, the RCPT TO is not signed, therefore the message is rejected.
That's BATV in a nutshell.
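
The signing and bounce-checking steps above, as an added sketch that is not code from this post or from any mail product. The tag layout is modelled on the `prvs` scheme in the BATV Internet-Draft; the key, the seven-day lifetime, the function names and the address bender@futura.ama.org are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: signing key held by the mail service
KEY_ID = 0                        # single-digit key number carried in the tag
LIFETIME_DAYS = 7                 # assumption: how long a signed address is valid


def _tag(addr, expiry_day):
    """Key digit + 3-digit expiry day + first 6 hex digits of HMAC-SHA1."""
    prefix = f"{KEY_ID}{expiry_day:03d}"
    mac = hmac.new(SECRET, (prefix + addr.lower()).encode(), hashlib.sha1)
    return prefix + mac.hexdigest()[:6]


def sign_mail_from(addr, today):
    """Outbound server: rewrite MAIL FROM as prvs=<tag>=local@domain.

    `today` is the current day number (days since the Unix epoch).
    """
    expiry_day = (today + LIFETIME_DAYS) % 1000
    return f"prvs={_tag(addr, expiry_day)}={addr}"


def accept_bounce(mail_from, rcpt_to, today):
    """Inbound server: return the address to deliver to, or None to reject."""
    if mail_from not in ("", "<>"):
        return rcpt_to  # not a bounce (non-null sender), BATV does not apply
    if not rcpt_to.startswith("prvs="):
        return None     # bounce to an unsigned address: backscatter
    try:
        tag, addr = rcpt_to[len("prvs="):].split("=", 1)
        expiry_day = int(tag[1:4])
    except ValueError:
        return None     # malformed tag
    expected = _tag(addr, expiry_day)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None     # signature does not match this address
    if (expiry_day - today) % 1000 > LIFETIME_DAYS:
        return None     # signature has expired
    return addr         # genuine bounce: deliver to the original sender
```

The expiry day inside the tag limits how long a signed address harvested from a real message can be replayed as a bounce recipient.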