Wednesday, May 16, 2007



Bounces are messages, officially called non-delivery reports (NDR) or delivery status notifications (DSN), that are generated by a mail server to report on the delivery status of an email message.

It is becoming increasingly popular for aggressive Real-time Blocking Lists (RBLs) to blacklist mail servers for sending out NDRs to bogus addresses (known has "backscatter").

Problems arise with bounces if they are sent by a mail server to a non-local recipient. If a message did not originate locally, then a mail server cannot know for sure if the address it is sending the bounce to is forged or not. This quickly leads to unsolicited "backscatter" (or more rarely "outscatter"), sent to sites that never originated the email.

The MX should be made aware of the status of user mailboxes on the local system that the mail will eventually be delivered to. To reduce the chances of a bounce being necessary, DNSBLs should be used to reject spam during the SMTP session based on the sending IP address, and content based spam filters should be used to identify and reject spam during the SMTP session, during the DATA phase.

Bounces should ideally only be generated by a mail server to a local recipient. Mail servers should not generate bounces to non-local recipients, but should instead reject the mail during the SMTP session, and leave the remote sending server to handle the bounce: if a rejected mail is a legitimate message, the bounce gets generated by the remote sending machine, as expected; if a rejected mail is not a legitimate message, the remote end will probably not generate a bounce, and all is still well

Some client-side spam filters are starting to use a "fake bounce" feature. The concept of sending fake bounces can be very seductive to those who don't understand the consequences. Firing off a fake bounce gives a temporary feeling of power to the spammed, but it is futile and abusive.

The best solution I've found is to enable the "Filter recipients who are not in the Directory" option under "Recipient Filtering" under "Message Delivery Properties" in the Exchange Server's Global Settings. See image below...


Stop E-mail Spoofing on your Mail Server.


Oz ozugurlu

No comments: