NDR Spam

Unanswered Question
Apr 22nd, 2009
User Badges:

We have a Cisco Spam Blocker appliance version B10 running the latest software. We seem to get 40 - 50 Russian NDR type spam emails into users mailboxes every day. Is there any way to stop these emails?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jhogue Sun, 04/26/2009 - 12:34
User Badges:


I have a few suggestions:

Make sure you have Bounce Verification enabled. When enabled, this feature tags the Envelope Sender address for messages sent via the Blocker. The Envelope Recipient for any bounce message received by the Blocker is then checked for the presence of this tag. When legitimate bounce messages are received, the tag that was added to Envelope Sender address is removed and the bounce is delivered to the recipient. Bounce messages that do not contain the tag can be handled separately.

You could also set up a message filter to block messages which have an empty mail "from" address.

Finally, since these bounce messages will most likely have a non-existent envelope recipient address, blocking invalid addresses via in conversation LDAP recipient validation will help lower the impact of such messages.




This Discussion