GFI White Paper

How to block NDR spam

Spam generates an enormous amount of traffic that is both time-consuming to handle and resource intensive.
Apart from that, a large number of organizations have been victims of NDR spam that has an effect similar to
a Distributed Denial of Service (DDoS) on the email system. In this paper we provide a technical explanation
of NDR spam and recommend solutions that can prevent or limit exposure to this kind of unsolicited email.

Contents
  What is a non-delivery report?
  How does NDR spam work?
  Why does NDR spam work?
  How to reduce exposure to NDR spam
  A better solution
  About GFI®

What is a non-delivery report?
Email systems support a service called Delivery Status Notification, or DSN[1] for short. This feature allows end
users to be notified of successful or failed delivery of email messages. Examples include sending a report
when email delivery has been delayed or when an email message has been successfully delivered.
A non-delivery report, or NDR, is a DSN message sent by the email server (mail transfer agent or MTA for short)
that informs the sender that the delivery of the email message failed. While there are various events that can
trigger an NDR, the most common cases are when the recipient of the message does not exist or when the
destination mailbox is full.
A simple email message is typically made up of a set of headers and at least one body. An example of this can
be seen in Figure 1. In this example, the email is sent from user1@domain1.com to user2@domain2.com. If
the domain name domain2.com does not exist or does not have an email server, then the MTA at domain1.com
will send an NDR to user1@domain1.com[2]. When the domain name exists and the MTA at domain2.com
is accepting email, the behavior is different. In this case, the domain2.com email server should check if
the destination mailbox exists and is accepting emails. If this is not the case, then the MTA should reject the
email message. However, many mail servers will accept any email and then bounce the email later on if the
destination address does not exist.

 From: <user1@domain1.com>
 To: <user2@domain2.com>
 Subject: Example
 Email Body

Figure 1

Figure 2 describes a scenario where user2@domain2.com does not exist, but the mail server at domain2.com
still accepts the email as it cannot verify if the mailbox exists or not. The server then sends an NDR message to
user1@domain1.com which includes the original message attached.




Figure 2


How does NDR spam work?
The SMTP protocol does not support authentication of the sender address. As a result, email messages can
claim to be coming from any valid email address. Spammers have long known about this and tend to make
use of fake addresses when sending their bulk mail. Since successful spam relies on targeting the largest
number of clients possible, spammers tend to have large lists of email addresses.




Some of the email addresses in their list might not exist or might have been disabled. In many of these cases, the
mail server handling the nonexistent email address may send an NDR to the faked sender address in the
original email. If this address belongs to a valid user, then that user ends up receiving the
non-delivery reports. Since the emails sent out by the spammer tend to be in large numbers, thousands of
NDRs may end up in the victim’s mailbox. The resulting emails are known as NDR spam or backscatter, and an
example is illustrated in Figure 3.




Figure 3


Why does NDR spam work?
Many mail servers are known to block email coming from non-existent domain names. Therefore spammers
spoof email addresses which have valid working domain names to bypass this simple check. The result is
that the victim MTA handling the email address that was faked by the spammers will receive a large number
of NDR messages. These email messages can be difficult to block as it is not straightforward to distinguish
between a legitimate NDR and one generated by spam.
It is unlikely that spammers make use of this method to guarantee the delivery of the spam message.
This is especially true when the address being spammed with NDRs is receiving hundreds of emails in a short
time. Apart from this, the presentation of the spam message is degraded, since the message can be truncated
or appear as an attachment. The message is therefore less likely to be read. An example of an NDR spam email
message can be seen in Figure 4.




Figure 4


How to reduce exposure to NDR spam
If you are responsible for a network that is a victim of NDR spam or backscatter, there are only a few preventive
measures that you can take. One of the more straightforward solutions is to turn off your catchall mailboxes[3].
When this feature is disabled, unless the spammer spoofs your email address, your mail server will not be
accepting non-delivery reports for email addresses which do not exist on your mail server.
If, on the other hand, you are responsible for an email server that is causing NDR spam, then it is
recommended that you configure the mail server to reject undeliverable email messages during SMTP
transmission rather than bounce them. Various email servers, such as Microsoft Exchange, Postfix,
Sendmail and Qmail, have patches that improve this behavior so that less backscatter is created. Online
resources detail[4] how to configure these servers to prevent the NDR spam problem from getting worse.
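
The difference between bouncing and rejecting, as an added example that is not part of the GFI paper: a small Python model of the receiving MTA at domain2.com, replaying a spam run whose MAIL FROM is forged as user1@domain1.com. The mailbox table, class and function names and the target list are assumptions constructed for illustration.

```python
"""Model of a receiving MTA: bounce-after-accept versus reject-at-RCPT."""
from dataclasses import dataclass, field

# Constructed data: mailboxes that really exist at the receiving domain.
MAILBOXES = {"user2@domain2.com", "sales@domain2.com"}


@dataclass
class Mta:
    policy: str                                   # "bounce" or "reject"
    replies: list = field(default_factory=list)   # (rcpt_to, SMTP code) seen by the client
    queue: list = field(default_factory=list)     # accepted (mail_from, rcpt_to) pairs
    ndrs: list = field(default_factory=list)      # (NDR recipient, failed address)

    def rcpt(self, mail_from, rcpt_to):
        """Handle one MAIL FROM / RCPT TO pair from a connecting client."""
        known = rcpt_to.lower() in MAILBOXES
        if self.policy == "reject" and not known:
            # Refused inside the SMTP session: the connecting client gets
            # the error and this server never creates a message of its own.
            self.replies.append((rcpt_to, 550))
            return 550
        self.replies.append((rcpt_to, 250))
        self.queue.append((mail_from, rcpt_to))
        return 250

    def deliver(self):
        """Attempt local delivery of everything that was accepted."""
        for mail_from, rcpt_to in self.queue:
            if rcpt_to.lower() in MAILBOXES:
                continue                          # delivered normally
            if mail_from == "":
                continue                          # null reverse-path: never bounce a bounce
            # The NDR goes to whatever address MAIL FROM claimed, forged or not.
            self.ndrs.append((mail_from, rcpt_to))
        self.queue.clear()
        return self.ndrs


def spam_run(policy, forged_sender, targets):
    """Replay one spam run against the model and return the MTA state."""
    mta = Mta(policy)
    for target in targets:
        mta.rcpt(forged_sender, target)
    mta.deliver()
    return mta


# Constructed spam run: a stale address list, MAIL FROM forged as the victim.
TARGETS = ["user2@domain2.com", "old1@domain2.com",
           "old2@domain2.com", "old3@domain2.com"]
VICTIM = "user1@domain1.com"

if __name__ == "__main__":
    for policy in ("bounce", "reject"):
        mta = spam_run(policy, VICTIM, TARGETS)
        refused = sum(1 for _, code in mta.replies if code == 550)
        print(f"{policy}: {len(mta.ndrs)} NDRs sent to {VICTIM}, "
              f"{refused} recipients refused in-session")
```

With the reject policy a legitimate sender who mistypes an address is still notified, because the sender's own MTA receives the 550 reply and reports the failure to its local user.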

A better solution
The latest version of GFI MailEssentials™ for Exchange and SMTP[5] allows automated blocking of NDR spam.
This solution does not require any changes to be made on the mail server’s side. GFI MailEssentials scans
NDR emails by making use of the existing anti-spam features employed by GFI MailEssentials, such as the
Bayesian filter, DNS blacklists, sender URI real-time blocklists and keyword checking. GFI MailEssentials will
also make use of the directory harvesting feature[6] on the gateway to drop email messages and NDRs sent to
non-existent users. If the NDR makes it past these protection mechanisms, then the email message is checked
against the “NewSender” feature. This feature allows end users to receive only legitimate non-delivery reports,
thus allowing them to focus on actual work rather than cleaning up the mailbox.




About GFI
GFI Software provides web and mail security, archiving, backup and fax, networking and security software
and hosted IT solutions for small to medium-sized enterprises (SMEs) via an extensive global partner
community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both
delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the
unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has
offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia,
Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations
worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a
Microsoft Gold Certified Partner.
More information about GFI can be found at http://www.gfi.com.




[1] The technical details for DSN can be found in RFC 1891
[2] As per RFC 2821, the sender address is taken from the SMTP “MAIL FROM” command
[3] Catchall mailboxes are email mailboxes that receive all email messages which do not have a named mailbox
[4] Preventing Backscatter
[5] How to check for NDR spam
[6] Directory harvesting




USA, CANADA AND CENTRAL AND SOUTH AMERICA
15300 Weston Parkway, Suite 104, Cary, NC 27513, USA
Telephone: +1 (888) 243-4329
Fax: +1 (919) 379-3402
ussales@gfi.com



UK AND REPUBLIC OF IRELAND
Magna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UK
Telephone: +44 (0) 870 770 5370
Fax: +44 (0) 870 770 5377
sales@gfi.co.uk



EUROPE, MIDDLE EAST AND AFRICA
GFI House, San Andrea Street, San Gwann, SGN 1612, Malta
Telephone: +356 2205 2000
Fax: +356 2138 2419
sales@gfi.com



AUSTRALIA AND NEW ZEALAND
83 King William Road, Unley 5061, South Australia
Telephone: +61 8 8273 3000
Fax: +61 8 8273 3099
sales@gfiap.com




Disclaimer

© 2011. GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners.

The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express or implied, including but
not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential
damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the
accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, out-
of-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in
this document.

If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.

[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

How to Block NDR Spam

GFI White Paper

How to block NDR spam

Spam generates an enormous amount of traffic that is both time-consuming to handle and resource intensive. Apart from that, a large number of organizations have been victims of NDR spam that has an effect similar to a Distributed Denial of Service (DDoS) on the email system. In this paper we provide a technical explanation of NDR spam and recommend solutions that can prevent or limit exposure to this kind of unsolicited email.

Contents

What is a non-delivery report?
How does NDR spam work?
Why does NDR spam work?
How to reduce exposure to NDR spam
A better solution
About GFI®

What is a non-delivery report?

Email systems support a service called Delivery Status Notification or DSN[1] for short. This feature allows end users to be notified of successful or failed delivery of email messages. Examples include sending a report when email delivery has been delayed or when an email message has been successfully delivered.

A non-delivery report, or NDR, is a DSN message sent by the email server (mail transfer agent or MTA for short) that informs the sender that the delivery of the email message failed. While there are various events that can trigger an NDR, the most common cases are when the recipient of the message does not exist or when the destination mailbox is full.

A simple email message is typically made up of a set of headers and at least one body. An example of this can be seen in Figure 1. In this example, the email is sent from user1@domain1.com to user2@domain2.com. If the domain name domain2.com does not exist or does not have an email server, then the MTA at domain1.com will send an NDR to user1@domain1.com[2]. When the domain name exists and the MTA at domain2.com is accepting email, the behavior is different. In this case, the domain2.com email server should check if the destination mailbox exists and is accepting emails. If this is not the case, then the MTA should reject the email message. However, many mail servers will accept any email and then bounce the email later on if the destination address does not exist.

    From: <user1@domain1.com>
    To: <user2@domain2.com>
    Subject: Example Email Body

Figure 1

Figure 2 describes a scenario where user2@domain2.com does not exist, but the mail server at domain2.com still accepts the email as it cannot verify if the mailbox exists or not. The server then sends an NDR message to user1@domain1.com which includes the original message attached.

Figure 2

How does NDR spam work?

The SMTP protocol does not support authentication of the sender address. As a result, email messages can claim to be coming from any valid email address. Spammers have long known about this and tend to make use of fake addresses when sending their bulk mail. Since successful spam relies on targeting the largest number of clients possible, spammers tend to have large lists of email addresses.

Some of the email addresses in their list might not exist or have been disabled. In many of these cases, the mail server handling the nonexistent email address may send an NDR to the faked sender address in the original email. If this address belongs to a valid user then what happens is that this user ends up receiving the non-delivery reports. Since the emails sent out by the spammer tend to be in large numbers, thousands of NDRs may end up in the victim’s mailbox. The resulting emails are known as NDR spam or backscatter and an example is illustrated in Figure 3.

Figure 3

Why does NDR spam work?

Many mail servers are known to block email coming from non-existent domain names. Therefore spammers spoof email addresses which have valid working domain names to bypass this simple check. The result is that the victim MTA handling the email address that was faked by the spammers will receive a large number of NDR messages. These email messages can be difficult to block as it is not straightforward to distinguish between a legitimate NDR and one generated by spam.

It is unlikely that the spammers make use of this method to guarantee the delivery of the spam message. This is especially true when the address being spammed with NDRs is receiving hundreds of emails in a short time. Apart from this, the presentation of the spam message is reduced since the message can be truncated or appear as an attachment. Therefore the message is less likely to be read. An example of an NDR spam email message can be seen in Figure 4.

Figure 4

How to reduce exposure to NDR spam

If you are responsible for a network that is a victim of NDR spam or backscatter, there are only a few preventive measures that you can take. One of the more straightforward solutions is to turn off your catchall mailboxes[3]. When this feature is disabled, unless the spammer spoofs your email address, your mail server will not be accepting non-delivery reports for email addresses which do not exist on your mail server.

If, on the other hand, you are responsible for an email server that is causing NDR spam, then it is recommended that you configure the mail server to reject during SMTP transmission rather than bounce email messages which cannot be delivered. Various email servers such as Microsoft Exchange, Postfix, Sendmail and Qmail, have patches to improve the behavior to create less backscatter. One can find online resources which detail[4] how to configure these servers to prevent the NDR spam problem getting worse.

A better solution

The latest version of GFI MailEssentials™ for Exchange and SMTP[5] allows automated blocking of NDR spam. This solution does not require any changes to be made on the mail server’s side. GFI MailEssentials scans NDR emails by making use of the existing anti-spam features employed by GFI MailEssentials, such as the Bayesian filter, DNS blacklists, sender URI real-time blocklists and keyword checking. GFI MailEssentials will also make use of the directory harvesting feature[6] on the gateway to drop email messages and NDRs sent to non-existent users. If the NDR makes it past these protection mechanisms, then the email message is checked against the “NewSender” feature. This feature allows end users to receive only legitimate non-delivery reports, thus allowing them to focus on actual work rather than cleaning up the mailbox.
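
The recommendation under "How to reduce exposure to NDR spam" to reject during SMTP transmission rather than bounce can be seen in a small model of the receiving server. This is an added example, not code from the GFI paper or from any mail server; the class and function names, the mailbox list and the guessed recipient addresses are constructed for illustration, and the sender and domain names follow the paper's Figure 1.

```python
"""Accept-then-bounce versus reject-at-RCPT, replayed on constructed data."""

# Constructed sample data: mailboxes hosted by the receiving server (domain2.com).
MAILBOXES = {"alice@domain2.com", "bob@domain2.com"}


class ReceivingMTA:
    """Hypothetical model of the MTA that receives the spam run."""

    def __init__(self, mailboxes, reject_at_smtp):
        self.mailboxes = mailboxes
        self.reject_at_smtp = reject_at_smtp
        self.delivered = []   # (recipient, claimed sender) stored in real mailboxes
        self.ndr_queue = []   # addresses this server will send an NDR to

    def session(self, mail_from, rcpt_to):
        """Run one MAIL FROM / RCPT TO / DATA exchange and return the reply codes."""
        replies = [250]                       # SMTP cannot verify the MAIL FROM address
        known = rcpt_to.lower() in self.mailboxes
        if not known and self.reject_at_smtp:
            replies.append(550)               # refuse while the client is still connected
            return replies                    # nothing was accepted, so nothing to bounce
        replies += [250, 354, 250]            # RCPT accepted, DATA go-ahead, message queued
        if known:
            self.delivered.append((rcpt_to, mail_from))
        elif mail_from:                       # a null reverse-path (<>) is never bounced
            self.ndr_queue.append(mail_from)  # the NDR goes to the claimed sender
        return replies


def run_campaign(reject_at_smtp):
    """Replay a constructed spam run that forges user1@domain1.com as the sender."""
    mta = ReceivingMTA(MAILBOXES, reject_at_smtp)
    targets = ["alice@domain2.com"] + [f"guess{i}@domain2.com" for i in range(500)]
    for rcpt in targets:
        mta.session("user1@domain1.com", rcpt)
    mta.session("", "guess0@domain2.com")     # an incoming NDR for an unknown user
    return mta


if __name__ == "__main__":
    for policy in (False, True):
        mta = run_campaign(policy)
        print(f"reject_at_smtp={policy}: delivered={len(mta.delivered)}, "
              f"NDRs queued for the forged sender={len(mta.ndr_queue)}")
```

With rejection at RCPT time the receiving server never takes responsibility for the undeliverable message, so any failure report is the connecting client's problem and no NDR is generated toward the forged address.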

About GFI

GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SMEs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale.

The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.

More information about GFI can be found at http://www.gfi.com.

[1] The technical details for DSN can be found in RFC 1891
[2] As per RFC 2821, the sender address is taken from the SMTP “MAIL FROM” command
[3] Catchall mailboxes are email mailboxes that receive all email messages which do not have a named mailbox
[4] Preventing Backscatter
[5] How to check for NDR spam
[6] Directory harvesting

USA, CANADA AND CENTRAL AND SOUTH AMERICA
15300 Weston Parkway, Suite 104, Cary, NC 27513, USA
Telephone: +1 (888) 243-4329
Fax: +1 (919) 379-3402
ussales@gfi.com

UK AND REPUBLIC OF IRELAND
Magna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UK
Telephone: +44 (0) 870 770 5370
Fax: +44 (0) 870 770 5377
sales@gfi.co.uk

EUROPE, MIDDLE EAST AND AFRICA
GFI House, San Andrea Street, San Gwann, SGN 1612, Malta
Telephone: +356 2205 2000
Fax: +356 2138 2419
sales@gfi.com

AUSTRALIA AND NEW ZEALAND
83 King William Road, Unley 5061, South Australia
Telephone: +61 8 8273 3000
Fax: +61 8 8273 3099
sales@gfiap.com

Disclaimer

© 2011. GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners.

The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, out-of-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document.

If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.