Cisco Cisco Email Security Appliance X1050 Troubleshooting Guide

Contributed by Jai Gill and Robert Sherwin, Cisco TAC Engineers.
Jun 11, 2014

Introduction
Background Information
     Joe Job
     Backscatter
Problem
Solution
     Bounce Verification
     Configure Bounce Verification Address Tagging Keys
        Purging Keys
     Configure Cisco Bounce Verification Settings
     Configure Cisco Bounce Verification with the CLI
     Cisco Bounce Verification and Cluster Configuration
     Mail Filter
     Mail Block

This document describes a problem encountered where your Email Security Appliance (ESA) experiences a
bounce storm and offers a solution to the problem.

A bounce storm is a side effect of a joe job or a backscatter of email spam.

A joe job is a spam attack that uses spoofed sender data and aims to tarnish the reputation of the apparent
sender and/or induce the recipients to take action against the apparent sender.

A backscatter is a side effect of email spam, viruses, and worms where email servers that receive spam and
other mail send bounce messages to an innocent party. This occurs because the original message envelope
sender is forged in order to contain the email address of the victim. Since these messages were not solicited by
the recipients, are substantially similar to each other, and are delivered in bulk quantities, they qualify as
unsolicited bulk email or spam. As such, systems that generate email backscatter can become listed on various
Domain Name System Blacklists (DNSBLs) and be in violation of the Internet service providers Terms of
Service.