NDR Spam

Unanswered Question
Apr 22nd, 2009

We have a Cisco Spam Blocker appliance version B10 running the latest software. We seem to get 40 - 50 Russian NDR type spam emails into users mailboxes every day. Is there any way to stop these emails?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jhogue Sun, 04/26/2009 - 12:34


I have a few suggestions:

Make sure you have Bounce Verification enabled. When enabled, this feature tags the Envelope Sender address for messages sent via the Blocker. The Envelope Recipient for any bounce message received by the Blocker is then checked for the presence of this tag. When legitimate bounce messages are received, the tag that was added to Envelope Sender address is removed and the bounce is delivered to the recipient. Bounce messages that do not contain the tag can be handled separately.

You could also set up a message filter to block messages which have an empty mail "from" address.

Finally, since these bounce messages will most likely have a non-existent envelope recipient address, blocking invalid addresses via in conversation LDAP recipient validation will help lower the impact of such messages.


jsteer Wed, 06/17/2009 - 03:12


this sound slike a possible efficacy issue - for spam & ham that is being missed that you feel should be picked up pls report them to the following addresses:

Missed spam - spam@access.ironport.com

Missed phish - phish@access.ironport.com

All msgs need to be sent as an attachment, not forwarded, as this breaks the message headers and makes it harder to include into our systems for speedy analysis.



This Discussion