Bounce backs from spoofed emails causing havoc
Question asked by Tim Walker - March 10, 2015 at 8:50 AM
Unanswered
We have a user who has got 16,000 bounce backs from a variety of IP addresses... the emails are originally from a network in Russia by the looks of a sampling, but the bounces come from real ISPs and mail servers from all over.
 
I have reviewed the emails and they are not coming from our network. We do have an SPF in place for the sender's domain.
 
Looking at how to stop NDRs for emails that we didn't send?
 
Thoughts?        

4 Replies

Bruce Barnes Replied
March 10, 2015 at 8:52 AM
DMARC will get rid of them.  Somewhat controversial, but stops them dead in their tracks.
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
Tim Walker Replied
March 10, 2015 at 11:31 AM
Any other suggestions? DMARC seems overkill and could cause false positives for others.
Bruce Barnes Replied
March 10, 2015 at 1:14 PM
We run DMARC because it is required by some larger ISPs when you run large lists and have zero problems with it.
 
It does require that you pay attention to how the DMARC statements are configured in DNS, especially when you are using an outside list service.
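
Added example, not part of the thread and not any poster's configuration: the DMARC identifier-alignment check (RFC 7489) in Python, showing how a `p=reject` record treats the domain's own mail, an outside list service, and spoofed mail. The domains and the record are constructed placeholders, and the organizational-domain lookup is reduced to the last two labels as an assumption (receivers use the Public Suffix List).

```python
# Added example: DMARC alignment evaluation. All domains are constructed.

def parse_dmarc(record):
    """Split a DMARC TXT record into a tag dict, applying alignment defaults."""
    tags = {"adkim": "r", "aspf": "r"}  # relaxed alignment is the default
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    return tags

def org_domain(domain):
    # Assumption: last two labels stand in for the Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    if mode == "s":  # strict: the domains must match exactly
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def evaluate(record, from_domain, spf, dkim):
    """spf and dkim are (passed, domain) tuples: the envelope MAIL FROM domain
    and the DKIM d= domain. Returns 'pass' or the policy the receiver applies."""
    tags = parse_dmarc(record)
    spf_ok = spf[0] and aligned(from_domain, spf[1], tags["aspf"])
    dkim_ok = dkim[0] and aligned(from_domain, dkim[1], tags["adkim"])
    return "pass" if (spf_ok or dkim_ok) else tags["p"]

RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=r; aspf=r"

# Our own server: SPF passes on a bounce domain under example.com.
own = evaluate(RECORD, "example.com", (True, "mail.example.com"), (False, ""))
# List service with its own bounce domain and DKIM key: both pass, neither aligns.
list_unaligned = evaluate(RECORD, "example.com",
                          (True, "bounces.listvendor.test"), (True, "listvendor.test"))
# Same service once it signs with a key published under our domain.
list_fixed = evaluate(RECORD, "example.com",
                      (True, "bounces.listvendor.test"), (True, "news.example.com"))
# Spoofed mail from an unrelated network: nothing authenticates.
spoofed = evaluate(RECORD, "example.com", (False, "example.com"), (False, ""))

if __name__ == "__main__":
    print(own, list_unaligned, list_fixed, spoofed)
```

The second case is the false positive to look for before moving to `p=reject`: mail that passes SPF and DKIM for the vendor's domain still fails DMARC for the From domain until one of the two identifiers aligns.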
Bruce Barnes Replied
March 11, 2015 at 9:13 AM
Be VERY CAREFUL about refusing NO SENDER messages.  Many servers send informational messages with no sender and the IETF states that mail servers must accept them.
 
The ultimate decision is up to the server owner and operator, but many no sender messages contain important information which should not be ignored.
