Bounce backs from spoofed emails causing havoc
Question asked by Tim Walker - March 10, 2015 at 8:50 AM
Unanswered
We have a user who has got 16,000 bounce backs from a variety of IP addresses... The emails are originally from a network in Russia by the looks of a sampling, but the bounces come from real ISPs and mail servers from all over.
 
I have reviewed the emails and they are not coming from our network. We do have an SPF in place for the sender's domain.
 
Looking at how to stop NDRs for emails that we didn't send?
 
Thoughts?        

4 Replies

0
DMARC will get rid of them.  Somewhat controversial, but stops them dead in their tracks.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Any other suggestions? DMARC seems overkill and could cause false positives for others.
0
We run DMARC because it is required by some larger ISPs when you run large lists and have zero problems with it.
 
It does require that you pay attention to how the DMARC statements are configured in DNS, especially when you are using an outside list service.
Bruce Barnes
0
Be VERY CAREFUL about refusing NO SENDER messages.  Many servers send informational messages with no sender and the IETF states that mail servers must accept them.
 
The ultimate decision is the server owner and operator's, but many no sender messages contain important information which should not be ignored.
Bruce Barnes
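
An added example, not part of the thread: the manual review described in the question (checking whether each bounced message really left our network), automated so that null-sender mail is triaged instead of refused outright. `OUR_OUTBOUND`, the function names and the sample message are assumptions made for illustration; it also assumes the delivering server stamps `Return-Path` and that the bounce includes the original headers with bracketed IPv4 addresses.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: the ranges your outbound servers send from (documentation range used here).
OUR_OUTBOUND = [ipaddress.ip_network("192.0.2.0/28")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def returned_headers(bounce):
    """Headers of the original message embedded in a bounce, or None if absent."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def is_ours(text):
    """True when text is a valid IPv4 address inside one of our outbound ranges."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    return any(ip in net for net in OUR_OUTBOUND)

def classify(raw):
    """Return 'not-a-bounce', 'unverifiable', 'ours' or 'backscatter'."""
    msg = email.message_from_string(raw, policy=policy.default)
    if str(msg.get("Return-Path", "")).strip() != "<>":
        return "not-a-bounce"
    original = returned_headers(msg)
    if original is None:
        return "unverifiable"  # keep it: null-sender mail can carry real notices
    hops = [ip for r in original.get_all("Received", []) for ip in IP_RE.findall(str(r))]
    return "ours" if any(is_ours(ip) for ip in hops) else "backscatter"

def sample_bounce(origin_ip):
    """Constructed DSN whose returned headers show the message entering from origin_ip."""
    return (
        "Return-Path: <>\nFrom: MAILER-DAEMON@mx.isp.example\nTo: user@example.com\n"
        "Subject: Undelivered Mail Returned to Sender\nMIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n'
        "\n--b\nContent-Type: text/plain\n\nUser unknown.\n"
        "--b\nContent-Type: text/rfc822-headers\n\n"
        f"Received: from mail.example.net (unknown [{origin_ip}]) by mx.isp.example\n"
        "From: user@example.com\nSubject: hello\n\n--b--\n"
    )
```

Matching any hop in the Received chain errs toward keeping a bounce, so only messages with no trace of our servers are labelled backscatter, and bounces without the original headers stay in the "unverifiable" pile for a human to look at.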
