Back to Community Threads
1
bounce backs from spoofed emails causing havok
Question asked by Tim Walker - 3/10/2015 at 8:50 AM
Unanswered
   we have a user who has got 16,000 bounce backs from a varity of IP addresses... the emails are originally from a network in Russia by the looks of a sampling, but the bounces come from real ISPs and mail servers from all over.
 
I have reviewed the emails and they are not coming from our network. We do have an SPF in place for the senders domain.
 
Looking at how to stop NDRs for emails that we didnt send?
 
Thoughts?        

5 Replies

Reply to Thread
0
Bruce Barnes Replied
3/10/2015 at 8:52 AM
DMARC will get rid of them.  Somewhat controversial, but stops them dead in their tracks.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Tim Walker Replied
3/10/2015 at 11:31 AM
any other suggestions? DMARC seems over kill and could cause false positives for others
0
Bruce Barnes Replied
3/10/2015 at 1:14 PM
We run DMARC because it is required by some larger ISPs when you run large lists and have zero problems with it.
 
It does require that you pay attention to how the DMARC statements are configured in DNS, especially when you are using an outside list service.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Linda Pagillo Replied
3/11/2015 at 9:08 AM
Hi Tim. If you are using Declude with Smartermail, we offer a few content filters for Declude that will work to stop the bounces from getting to your customers. You can download both Declude, free of charge from the following link: http://mailsbestfriend.com/downloads The filters are also free. You can get them from http://mailsbestfriend.com/downloads/Filters. The 2 filters you will want are FILTER-NOSENDER and FILTER-BACKSCATTER. Those 2 filters were custom-made to handle situations such as yours. If you have any questions, please let me know. Thanks.
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
0
Bruce Barnes Replied
3/11/2015 at 9:13 AM
Be VERY CAREFUL about refusing NO SENDER messages.  Many servers send informational messages with no sender and the IETF states that mail servers must accept them.
 
The ultimate decision is the server owner and operator, but many no sender messages contain important information which should not be ignored.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Configure SmarterMail as a Backup MX ServerSmarterMail > Installation and Configuration
Cannot Send Email MessagesSmarterMail > Troubleshooting
My spool is full of pending messages. What do I do?SmarterMail > Troubleshooting
Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration
Restore a User's Account, Folders, or EmailsSmarterMail > Server Configuration and Management