Cisco Email Security Appliance X1050 User Guide
Chapter 2 Configuring Routing and Delivery Features
Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
IronPort Bounce Verification
A “bounce” message is a new message that is sent by a receiving MTA, using the
Envelope Sender of the original email as the new Envelope Recipient. This bounce
is sent back to that new Envelope Recipient, usually with a blank Envelope Sender
(MAIL FROM: < >), when the original message is undeliverable (typically due to
a non-existent recipient address).
Increasingly, spammers are attacking email infrastructure via misdirected bounce
attacks. These attacks consist of a flood of bounce messages, sent by unknowing,
legitimate mail servers. Basically, the process spammers use is to send email via
open relays and “zombie” networks to multiple, potentially invalid addresses
(Envelope Recipients) at various domains. In these messages, the Envelope
Sender is forged so that the spam appears to be coming from a legitimate domain
(this is known as a “Joe job”).
In turn, for each incoming email with an invalid Envelope Recipient, the receiving
mail servers generate a new email — a bounce message — and send it along to
the Envelope Sender at the innocent domain (the one whose Envelope Sender
address was forged). As a result, this target domain receives a flood of
“misdirected” bounces — potentially millions of messages. This type of
distributed denial of service attack can bring down email infrastructure and render
it impossible for the target to send or receive legitimate email.
To combat these misdirected bounce attacks, AsyncOS includes IronPort Bounce
Verification. When enabled, IronPort Bounce Verification tags the Envelope
Sender address for messages sent via your IronPort appliance. The Envelope
Recipient for any bounce message received by the IronPort appliance is then
checked for the presence of this tag. Legitimate bounces (which should contain
this tag) are untagged and delivered. Bounce messages that do not contain the tag
can be handled separately.
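The tag, check, and untag flow described above can be sketched as follows. This is an added illustration, not Cisco's code: the `tag=<day>=<mac>=<address>` layout, the key, and the seven-day lifetime are assumptions and do not represent the format AsyncOS uses.

```python
import hashlib
import hmac
import re
import time

SECRET = b"constructed-demo-key"  # assumption: per-site tagging key
TAG_LIFETIME_DAYS = 7             # assumption: how long a tag stays valid
TAG_RE = re.compile(r"tag=(\d{1,6})=([0-9a-f]{10})=(.+@.+)", re.ASCII)


def _day(now=None):
    """Day number since the epoch; `now` lets callers pin the clock."""
    return int((time.time() if now is None else now) // 86400)


def _mac(day, address):
    """Keyed MAC binding the original address to the day it was tagged."""
    msg = f"{day}:{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]


def tag_sender(address, now=None):
    """Outbound: rewrite the Envelope Sender so later bounces carry the tag."""
    day = _day(now)
    return f"tag={day}={_mac(day, address)}={address}"


def check_bounce(mail_from, rcpt_to, now=None):
    """Inbound: return (verdict, address).

    'not-a-bounce' -> Envelope Sender is not blank, tag check does not apply
    'valid'        -> tag verified; address is returned untagged for delivery
    'invalid'      -> bounce with a missing, forged, or expired tag
    """
    if mail_from.strip("<> "):
        return "not-a-bounce", rcpt_to
    m = TAG_RE.fullmatch(rcpt_to)
    if not m:
        return "invalid", rcpt_to            # bounce to an untagged address
    day, mac, original = int(m.group(1)), m.group(2), m.group(3)
    fresh = 0 <= _day(now) - day <= TAG_LIFETIME_DAYS
    if fresh and hmac.compare_digest(mac, _mac(day, original)):
        return "valid", original             # untag and deliver
    return "invalid", rcpt_to                # handle separately


if __name__ == "__main__":
    tagged = tag_sender("alice@example.com")  # constructed sample address
    print(tagged, check_bounce("<>", tagged))
    print(check_bounce("< >", "alice@example.com"))
```

Because the MAC covers both the address and the day, a tag copied onto a different mailbox or replayed after the lifetime window fails verification.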
Note that you can use IronPort Bounce Verification to manage incoming bounce
messages based on your outgoing mail. To control how your IronPort appliance
generates outgoing bounces (based on incoming mail), see