The victims of hackers who have compromised or spoofed legitimate email
accounts to send out spam are being flooded with failed delivery messages,
according to security software firm Webroot.
The phenomenon, known as 'backscatter', is rendering many people's email
accounts useless: each account essentially falls victim to a type of
denial-of-service attack as it flounders under a deluge of bounce-backs,
out-of-office replies and full-inbox auto-replies.
"Ninety per cent of over six trillion business emails this year will be
spam," said Mike Irwin, chief operating officer at Webroot.
"This volume puts IT resources under an incredible strain to manage not only
the spam but the ensuing backscatter. Just recently an ISP was driven offline
while trying to absorb 10,000 backscatter messages per second."
Irwin reckons backscatter can be particularly devastating for smaller
businesses that lack the luxury of a dedicated IT department to help
effectively deal with this problem.
According to Webroot, the biggest problem with backscatter is that the
responses are essentially legitimate and so are very difficult for
traditional filters to tag as spam.
To help counter this, the company has developed a technique called Bounce
Address Tag Validation to mark every message sent through its servers with a
timestamp and unique cryptographic signature that cannot be duplicated.
Then any email that enters the network as a failed delivery message without
this signature can be marked as spam and blocked.
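
The tagging idea described above, sketched as an added example (it is not
Webroot's code and not part of the original article): outgoing mail gets an
envelope sender carrying an expiry day and a keyed MAC, and a bounce is only
accepted if it comes back to a correctly tagged address. The tag layout, key,
lifetime and addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: secret shared by the domain's mail servers
LIFETIME_DAYS = 7                 # assumption: how long after sending a bounce is accepted


def _mac(day: int, address: str) -> str:
    msg = f"{day:03d}{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:12]


def tag_sender(address: str, now: float) -> str:
    """Rewrite the envelope sender of an outgoing message: tag=DDDMAC=local@domain."""
    expiry = (int(now // 86400) + LIFETIME_DAYS) % 1000
    local, domain = address.rsplit("@", 1)
    return f"tag={expiry:03d}{_mac(expiry, address)}={local}@{domain}"


def check_bounce(rcpt: str, now: float) -> str:
    """Classify a delivery-failure message (empty envelope sender) addressed to rcpt."""
    local, _, domain = rcpt.rpartition("@")
    parts = local.split("=", 2)
    if len(parts) != 3 or parts[0] != "tag" or len(parts[1]) != 15:
        return "reject: untagged bounce (backscatter)"
    day_s, mac = parts[1][:3], parts[1][3:]
    if not (day_s.isascii() and day_s.isdigit()):
        return "reject: malformed tag"
    original = f"{parts[2]}@{domain}"
    if not hmac.compare_digest(mac.encode(), _mac(int(day_s), original).encode()):
        return "reject: bad signature"
    # Day numbers wrap modulo 1000, so measure the distance to expiry modulo 1000.
    remaining = (int(day_s) - int(now // 86400)) % 1000
    if remaining > LIFETIME_DAYS:
        return "reject: expired tag"
    return f"accept: deliver to {original}"


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    tagged = tag_sender("alice@example.com", now)
    print(tagged)
    print(check_bounce(tagged, now))               # genuine bounce
    print(check_bounce("alice@example.com", now))  # bounce caused by a spoofed sender
```
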