Re: Question about tagging bounce verification

arcastor_ironport · ‎05-16-2008

Hi all,

I'm a really new beginner with IronPort and more generally with antispam. So you will maybe find my questions a little bit newbee but I need it for understand and improve myself :wink:

First I have a C150 with AsyncOS 5.5.1-014.

I use tagging outgoing mails and bounce verification and for some domains, they failed for delivery.

For example: I send a mail at toto@toto.com from my adress: myadress@mycompany.com, the client has an antispam which send a mail back to my personnal adress myadress@mycompany.com with the mail adress probe@toto.com.

What it seems to happen is that probe@toto.com send a mail to my tagged address (something like prvs=myadress=00466690b@mycompany.com) and is then rejected by the RAT. As I rejected his mail and their antispam wait for a correct answer from their mail, they dropped my mail.

So my questions are:
- When I send a send a mail (which is tagged) to an address toto@toto.com, if another mail adress send me a mail to my tagged address, is this mail considered as a spam ?
- Does the ironport wait that only mail addresses I have send my tagged mail in return with that tag? And to dig a little more, if I received a mail to my tagged mail address I send to another people, will this mail untag and then checked by RAT ?

Thanks by advance and best regards,
Arcastor :)

karlyoun · ‎05-18-2008

Hi all,

AsyncOS 5.5.1-014.

I use tagging outgoing mails and bounce verification and for some domains, they failed for delivery. 

For example: I send a mail at toto@toto.com from my adress: myadress@mycompany.com, the client has an antispam which send a mail back to my personnal adress myadress@mycompany.com with the mail adress probe@toto.com.

What it seems to happen is that probe@toto.com send a mail to my tagged address (something like prvs=myadress=00466690b@mycompany.com) and is then rejected by the RAT. As I rejected his mail and their antispam wait for a correct answer from their mail, they dropped my mail.



Thanks by advance and best regards,
Arcastor  :)

Two important points here:

1) It looks like what's going on is the toto.com domain is using Sender Address Verification (SAV). When the IronPort attempts to send email, they make a connection back and see if the sender is a valid recipient for the sending domain. They should be using a null (<>) sender, which will trigger the Bounce Verification code on the IronPort.

2) You are running AsyncOS 5.5.1-014. There is a bug with Bounce Verification that was recently fixed You should upgrade: either to 5.5.1-019, or go to the very latest, 6.1.0-306.

-karl

Donald Nash · ‎05-18-2008

the client has an antispam which send a mail back to my personnal adress myadress@mycompany.com with the mail adress probe@toto.com.

They're doing SMTP callbacks, aka Sender Address Verification. SMTP callbacks do more harm than good. They're hard to get right, which means many implementations get them wrong. And when done improperly, they have all sorts of bad side effects, like not working with bounce verification. Even when done right, they still have a high false positive rate. And worst of all, they've induced spammers to start using stolen legitimate return addresses for the spam they send, so their mail will pass the callback test. That means the real owner of the stolen address gets all the bounces for the undeliverable spam. For all these reasons and a few others, SMTP callbacks are considered abusive behavior by many system administrators. There are blacklists which list servers that use SMTP callbacks.

If you can get your client to quit using SMTP callbacks, that would be best. If not, then you'll need to find a way to disable bounce verification when sending to them.

arcastor_ironport · ‎05-19-2008

Thanks for all this answers.

About the upgrade, it's plan to do it this week :wink:

wmchurch_ironport · ‎06-15-2008

arcastor:

You can disable address tagging per domain in (Mail Policies | Destinations Controls)