Bounce backs from spoofed emails causing havoc
Question asked by Tim Walker - 3/10/2015 at 8:50 AM
Unanswered
We have a user who has gotten 16,000 bounce backs from a variety of IP addresses... The emails are originally from a network in Russia, by the looks of a sampling, but the bounces come from real ISPs and mail servers from all over.

I have reviewed the emails and they are not coming from our network. We do have an SPF in place for the sender's domain.

Looking at how to stop NDRs for emails that we didn't send?

Thoughts?

5 Replies

Bruce Barnes Replied
DMARC will get rid of them.  Somewhat controversial, but stops them dead in their tracks.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
Tim Walker Replied
Any other suggestions? DMARC seems overkill and could cause false positives for others.
0
Bruce Barnes Replied
We run DMARC because it is required by some larger ISPs when you run large lists and have zero problems with it.
 
It does require that you pay attention to how the DMARC statements are configured in DNS, especially when you are using an outside list service.
Linda Pagillo Replied
Hi Tim. If you are using Declude with SmarterMail, we offer a few content filters for Declude that will work to stop the bounces from getting to your customers. You can download both Declude, free of charge, from the following link: http://mailsbestfriend.com/downloads. The filters are also free. You can get them from http://mailsbestfriend.com/downloads/Filters. The 2 filters you will want are FILTER-NOSENDER and FILTER-BACKSCATTER. Those 2 filters were custom-made to handle situations such as yours. If you have any questions, please let me know. Thanks.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
Bruce Barnes Replied
Be VERY CAREFUL about refusing NO SENDER messages.  Many servers send informational messages with no sender and the IETF states that mail servers must accept them.
 
The ultimate decision is up to the server owner and operator, but many no sender messages contain important information which should not be ignored.
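The manual review described in the question (checking whether a bounced message ever left your own server) can be automated without refusing null-sender mail. The following is an added example, not part of the thread and not the logic of the Declude filters or SmarterMail; `SENT_IDS`, the function names and the sample DSN are assumptions constructed for illustration.

```python
from email import message_from_string, policy

# Assumption: Message-IDs our own server logged for outbound mail (constructed values).
SENT_IDS = {"<20150310.1001@mail.example.com>"}

def original_message_id(msg):
    """Message-ID of the message a DSN reports on, or None if it is not attached."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original message attached
            inner = part.get_payload(0)
        elif ctype == "text/rfc822-headers":   # only the original headers attached
            inner = message_from_string(part.get_content(), policy=policy.default)
        else:
            continue
        mid = inner["Message-ID"]
        return str(mid).strip() if mid else None
    return None

def classify(raw, sent_ids=SENT_IDS):
    """Accept every null-sender message, then label it instead of refusing it."""
    msg = message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return "not-a-dsn"       # some other null-sender notice: deliver normally
    mid = original_message_id(msg)
    if mid is None:
        return "unknown"         # nothing to match against: keep for review
    return "genuine-bounce" if mid in sent_ids else "backscatter"

def sample_dsn(orig_id):
    """Constructed DSN (not taken from the thread) reporting on message orig_id."""
    return (
        "From: MAILER-DAEMON@isp.example.net\n"
        "To: user@example.com\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n"
        "--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b1\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; isp.example.net\n\n"
        "Final-Recipient: rfc822; nobody@isp.example.net\nAction: failed\nStatus: 5.1.1\n"
        "--b1\nContent-Type: text/rfc822-headers\n\n"
        f"Message-ID: {orig_id}\nFrom: user@example.com\nSubject: hi\n"
        "--b1--\n"
    )
```

Messages labelled `backscatter` can be quarantined rather than delivered, while `not-a-dsn` and `unknown` null-sender messages still reach the mailbox or a reviewer.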