Backscatter by Misdirected Bounces - Why it is abusive and how to stop your system doing so
Email servers should be configured to provide Non-Delivery Reports (bounces) to local users only. Unacceptable email from anywhere else should be rejected.
If you send NDRs (bounces) to innocent people out there, this is considered abusive because it can amount to a DDOS.
Example:
Spammer fakes ‘from’ to be [email protected] and sends out 30 million emails with that forged sender, what do you think will happen?
If yourcompany.tld has a properly configured mail server, the SMTP dialog will look like this:
HELO forged.domain.name
MAIL FROM: [email protected]
RCPT TO: [email protected]
550 User unknown
In this case, the spammers will not get their crap out of their mail queue and nobody will be hurt by your server.
But, if yourcompany.tld doesn’t have a properly configured server, it will accept the email for delivery and then it will be unable to deliver the email to local user "NoSuchUser".
Your server will next return the email to the forged sender, [email protected], which is logically a case of abuse, because victim@victimdomain did not send the crap to you ...
Worst case scenario: There are millions of poorly configured email servers out there, so therefore [email protected] will get millions of reports telling him that his email was not delivered ....
What email ??? he didn’t send it ...!!!
What this means to you:
If any spammer was to fake a ‘From’ to be the same as one of our spamtrap email addresses, the resulting NDR from your server would hit our spamtrap causing your IP address to be blacklisted here,
because your system sends backscatter to our spamtraps.
Find out how you can stop your system sending misdirected bounces (External Link)
Click here - a new window will open
|