Question about tagging bounce verification

Unanswered Question
May 16th, 2008

Hi all,

I'm a real beginner with IronPort and, more generally, with antispam. So you will maybe find my questions a little bit newbie, but I need this to understand and improve myself :wink:

First I have a C150 with AsyncOS 5.5.1-014.

I use tagging of outgoing mails and bounce verification, and for some domains delivery fails.

For example: I send a mail to [email protected] from my address: [email protected]; the client has an antispam which sends a mail back to my personal address [email protected] with the mail address [email protected].

What seems to happen is that [email protected] sends a mail to my tagged address (something like prvs=myadress=[email protected]) and is then rejected by the RAT. As I rejected his mail and their antispam waits for a correct answer from their mail, they dropped my mail.

So my questions are:
- When I send a mail (which is tagged) to an address [email protected], if another mail address sends me a mail to my tagged address, is this mail considered as spam?
- Does the IronPort expect that only mail addresses I have sent my tagged mail to will reply with that tag? And to dig a little more, if I receive a mail at my tagged mail address which I sent to another person, will this mail be untagged and then checked by the RAT?

Thanks in advance and best regards,
Arcastor :)

karlyoun Sun, 05/18/2008 - 19:11
User Badges:
  • Cisco Employee,


Hi all,

AsyncOS 5.5.1-014.

I use tagging of outgoing mails and bounce verification, and for some domains delivery fails.

For example: I send a mail to [email protected] from my address: [email protected]; the client has an antispam which sends a mail back to my personal address [email protected] with the mail address [email protected]

What seems to happen is that [email protected] sends a mail to my tagged address (something like [email protected]) and is then rejected by the RAT. As I rejected his mail and their antispam waits for a correct answer from their mail, they dropped my mail.



Thanks in advance and best regards,
Arcastor :)


Two important points here:

1) It looks like what's going on is the toto.com domain is using Sender Address Verification (SAV). When the IronPort attempts to send email, they make a connection back and see if the sender is a valid recipient for the sending domain. They should be using a null (<>) sender, which will trigger the Bounce Verification code on the IronPort.

2) You are running AsyncOS 5.5.1-014. There is a bug with Bounce Verification that was recently fixed. You should upgrade: either to 5.5.1-019, or go to the very latest, 6.1.0-306.

-karl
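
The decision described in point 1, as an added example that is not part of this thread and is not IronPort's implementation: a generic BATV-style check in which a null-sender message is accepted only when its recipient carries a valid tag. The tag layout after the `prvs=` prefix, the key, the day counter and the 7-day lifetime are all assumptions made for the sketch.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: secret tagging key held by the gateway
MAX_AGE_DAYS = 7                  # assumption: how long a tag stays valid

def _sig(local, domain, day):
    """First 6 hex digits of an HMAC over the day stamp and the real address."""
    msg = f"{day:03d}{local}@{domain}".encode()
    return hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:6]

def tag(addr, day):
    """Rewrite an outgoing envelope sender as prvs=local=DDDSSSSSS@domain."""
    local, domain = addr.rsplit("@", 1)
    day %= 1000
    return f"prvs={local}={day:03d}{_sig(local, domain, day)}@{domain}"

def untag(rcpt, today):
    """Return (real address, tag_valid); tag_valid is None if rcpt is untagged."""
    local, domain = rcpt.rsplit("@", 1)
    parts = local.split("=")
    if len(parts) != 3 or parts[0] != "prvs":
        return rcpt, None
    user, stamp = parts[1], parts[2]
    if len(stamp) != 9 or not stamp[:3].isdigit():
        return f"{user}@{domain}", False
    day = int(stamp[:3])
    fresh = (today - day) % 1000 <= MAX_AGE_DAYS
    good = hmac.compare_digest(stamp[3:], _sig(user, domain, day))
    return f"{user}@{domain}", fresh and good

def classify(mail_from, rcpt_to, today):
    """Decide how one inbound MAIL FROM / RCPT TO pair is treated."""
    addr, valid = untag(rcpt_to, today)
    if mail_from == "":  # null sender "<>": a bounce, or a well-behaved callback
        return ("accept", addr) if valid else ("reject-bounce", addr)
    # Non-null sender: not a bounce, so the tag is not checked here and the
    # recipient goes through ordinary recipient checks exactly as it was given.
    return ("normal-rcpt-checks", rcpt_to)

if __name__ == "__main__":
    tagged = tag("user@example.com", 140)  # constructed sample address
    for sender in ("", "probe@example.net"):
        print(repr(sender), classify(sender, tagged, 141))
```

A callback that uses a real sender address instead of `<>` takes the last branch, so whether it succeeds depends on whether the tagged form of the address passes ordinary recipient validation.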
Donald Nash Sun, 05/18/2008 - 20:53


the client has an antispam which sends a mail back to my personal address [email protected] with the mail address [email protected]

They're doing SMTP callbacks, aka Sender Address Verification. SMTP callbacks do more harm than good. They're hard to get right, which means many implementations get them wrong. And when done improperly, they have all sorts of bad side effects, like not working with bounce verification. Even when done right, they still have a high false positive rate. And worst of all, they've induced spammers to start using stolen legitimate return addresses for the spam they send, so their mail will pass the callback test. That means the real owner of the stolen address gets all the bounces for the undeliverable spam. For all these reasons and a few others, SMTP callbacks are considered abusive behavior by many system administrators. There are blacklists which list servers that use SMTP callbacks.

If you can get your client to quit using SMTP callbacks, that would be best. If not, then you'll need to find a way to disable bounce verification when sending to them.
arcastor_ironport Mon, 05/19/2008 - 08:44

Thanks for all these answers.

About the upgrade, it's planned to do it this week :wink:

wmchurch_ironport Sun, 06/15/2008 - 04:52

arcastor:

You can disable address tagging per domain in (Mail Policies | Destination Controls).
