About the e-mail bounce mechanism and bounce attack methods



The bounce mechanism of e-mail systems is part of the Internet mail standards, and almost all mail systems implement it. Under the so-called bounce mechanism, the mail system checks during the SMTP session whether the recipient exists; if the recipient does not exist, or the receiving side cannot accept the message for some other reason, the mail system automatically generates a bounce message, a Non-Delivery Report (NDR), and sends it to the sender address. According to the RFCs, a mail system must accept such NDRs (they arrive with an empty envelope sender); a system that refuses them may also lose legitimate mail, because senders never learn that delivery failed. A bounce attack exploits exactly this behaviour of the mail system.

In a so-called bounce attack, the attacker forges the sender address to be the target in advance and sets the recipients to a batch of non-existent accounts at other mail domains. When a large volume of such messages is sent, for example through a botnet, the receiving systems generate a large number of bounces to the forged sender address, because the recipients do not exist. The real server behind that sender address then receives a flood of bounces, which increases its load and can also easily get the company's mail server blacklisted.

Bounce attacks vary in degree. In the attack described above, the target may receive hundreds of thousands of bounces of all kinds in a single day. What most users encounter is the harassing kind: spammers sending junk mail often set a random sender address, for example bobo@abc.com. When a lot of such spam is sent, some of it reaches non-existent recipients and bounces back to bobo@abc.com, so bobo receives bounces now and then, sometimes only one or a few a day, but constantly, which is very annoying.

Bounce messages usually follow a pattern: the envelope sender is empty (MAIL FROM:<>) or something like MAILER-DAEMON@xxx.com, and the subject is typically "Undelivered Mail Returned to Sender". Some users block bounces with keyword filtering, or simply block the empty sender outright, but that also blocks legitimate bounces, so they no longer find out when their own mail fails to be delivered.

In general, bounces account for more than 5% of a company's mail traffic, and most of them are bounces of spam. How, then, can such junk bounces be kept out and bounce attacks avoided?

Use SPF or DomainKeys technology; the two work on similar principles. For example, sohu.com publishes the SPF record sohu.com TXT "v=spf1 ip4:61.135.130.0/23 ip4:61.135.132.0/23 (... Sohu's other mail server IPs) -all", where the trailing -all marks every source not listed as unauthorized. If someone abuses the sohu.com domain to send spam, a recipient that applies SPF filtering can tell during the SMTP session that the message is forged and reject it on the spot, so no NDR is sent back to sohu.

Unfortunately, many mail servers do not perform SPF checks, so even if your company publishes an SPF record it cannot stop all spam bounces.
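To make the SPF step concrete, here is a small evaluator for the part of SPF that the receiving server applies at MAIL FROM time. This is an added example, not code from the original page or from any SPF library; it evaluates only the ip4, ip6 and all mechanisms (include:, a and mx need DNS lookups and are rejected), and the record it ships with is a constructed one modelled on the sohu.com record quoted above, with "-all" assumed as the final qualifier. The point to take from it is that a "fail" result is produced before the message is accepted, so the receiver answers with an SMTP error instead of accepting the message and later generating an NDR to the forged sender.

```python
import ipaddress

# Constructed record for the example, modelled on the sohu.com record quoted
# in the text; the "-all" qualifier is an assumption.
EXAMPLE_SPF = "v=spf1 ip4:61.135.130.0/23 ip4:61.135.132.0/23 -all"

# SPF qualifier prefix -> result name (RFC 7208, section 4.6.2)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, argument) tuples.

    Only mechanisms that can be evaluated offline (ip4, ip6, all) are
    supported; include:/a/mx/ptr/exists need DNS and raise here.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # absent qualifier means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name not in ("ip4", "ip6", "all"):
            raise ValueError(f"mechanism {name!r} needs DNS; not supported offline")
        parsed.append((qualifier, name, arg))
    return parsed


def spf_check(client_ip, record):
    """Return the SPF result for the connecting client IP against a record.

    Mechanisms are tried left to right; the first one that matches decides.
    """
    ip = ipaddress.ip_address(client_ip)
    for qualifier, name, arg in parse_spf(record):
        if name == "all":
            return QUALIFIERS[qualifier]
        network = ipaddress.ip_network(arg, strict=False)
        if ip.version == network.version and ip in network:
            return QUALIFIERS[qualifier]
    # No mechanism matched and there is no "all": RFC 7208 says neutral.
    return "neutral"


def should_accept_envelope(client_ip, mail_from_domain, records):
    """Decide at MAIL FROM time whether to continue the SMTP session.

    `records` stands in for DNS: a dict mapping domain -> SPF TXT record.
    Returning False here means the server replies with a 5xx and never
    accepts the message, so no NDR is ever generated for the forged sender.
    """
    record = records.get(mail_from_domain)
    if record is None:
        return True, "none"                  # no SPF record: cannot decide
    result = spf_check(client_ip, record)
    return result != "fail", result


if __name__ == "__main__":
    dns = {"sohu.com": EXAMPLE_SPF}
    for ip in ("61.135.130.7", "203.0.113.5"):
        print(ip, should_accept_envelope(ip, "sohu.com", dns))
```

A receiver that treats "softfail" as a reason to accept-and-tag rather than reject will still accept the forged message and may then bounce it; only a hard "fail" at MAIL FROM time prevents the NDR from being generated at all.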

The Barracuda Spam Firewall's message authentication mechanism solves the spam bounce problem well. It works as follows: the Barracuda Spam Firewall adds a time stamp and a verification key to the outgoing mail it relays, in a form such as 20090714023838.BB1B612EEE9. When a message sent this way bounces, the bounce that comes back carries that time stamp and key. If an incoming bounce does not carry this information, it is not a reply to a message sent through the device, and is junk bounce mail to be blocked.

Setup: in the management interface, open the filter settings, go to Sender Authentication, and enable the verification key so that invalid bounce replies are blocked.
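The mechanism described above, bounce identification by empty or MAILER-DAEMON sender plus a per-message tag that only genuine bounces can carry, is shown here as a worked example. This is added code, not Barracuda's implementation and not the format of the stamp quoted in the text: it is modelled on the prvs tag layout from the BATV (Bounce Address Tag Validation) draft, in which the envelope sender is rewritten to prvs=KDDDHHHHHH=local@domain, with K a key version digit, DDD an expiry day number mod 1000 and HHHHHH the first six hex digits of an HMAC. The secret key, the seven-day lifetime and the sample SMTP envelopes are all constructed for the example.

```python
import hashlib
import hmac
import re

# Assumed for this example: a per-gateway secret and a 7-day tag lifetime.
SECRET_KEY = b"example-only-gateway-secret"
TAG_LIFETIME_DAYS = 7

# prvs=<key version><3-digit expiry day><6 hex HMAC digits>=<original local part>
_TAG_RE = re.compile(r"prvs=(\d)(\d{3})([0-9a-f]{6})=(.+)")


def _mac(key_version, expiry_day, local_part, domain, key):
    """Six hex digits of an HMAC over the tag fields and the untagged address."""
    msg = f"{key_version}{expiry_day:03d}{local_part}@{domain}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:6]


def tag_sender(address, today_day, key=SECRET_KEY, lifetime=TAG_LIFETIME_DAYS):
    """Rewrite the envelope sender of an outgoing message with a prvs tag.

    `today_day` is a day counter (e.g. days since epoch); the tag stores the
    expiry day modulo 1000, so a bounce arriving after `lifetime` days is
    rejected even if its signature is genuine.
    """
    local, _, domain = address.rpartition("@")
    expiry = (today_day + lifetime) % 1000
    sig = _mac(0, expiry, local, domain, key)
    return f"prvs=0{expiry:03d}{sig}={local}@{domain}"


def verify_bounce_recipient(rcpt_to, today_day, key=SECRET_KEY,
                            lifetime=TAG_LIFETIME_DAYS):
    """Check the RCPT TO of an incoming bounce. Returns (accept, reason).

    An untagged address means the gateway never sent mail as that sender, so
    any bounce to it can only be backscatter from forged spam.
    """
    local, _, domain = rcpt_to.rpartition("@")
    m = _TAG_RE.fullmatch(local)
    if m is None:
        return False, "no tag: we never sent mail from this address"
    key_version, expiry, sig, orig_local = m.groups()
    expiry = int(expiry)
    expected = _mac(int(key_version), expiry, orig_local, domain, key)
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature: tag forged or key mismatch"
    if (expiry - today_day) % 1000 > lifetime:      # wraps correctly at day 999
        return False, "expired tag"
    return True, f"valid bounce for {orig_local}@{domain}"


def smtp_bounce_policy(mail_from, rcpt_to, today_day):
    """Apply the tag check only to bounces: empty MAIL FROM or a MAILER-DAEMON
    sender. Ordinary mail to the same mailbox is not affected."""
    is_bounce = mail_from == "" or mail_from.lower().startswith("mailer-daemon@")
    if not is_bounce:
        return True, "not a bounce"
    return verify_bounce_recipient(rcpt_to, today_day)


# Constructed SMTP envelopes (MAIL FROM, RCPT TO, day of arrival) as a
# receiving gateway would see them.
SAMPLE_SESSIONS = [
    ("", tag_sender("bobo@abc.com", 100), 102),                       # genuine NDR
    ("", "bobo@abc.com", 102),                                        # backscatter
    ("MAILER-DAEMON@xxx.com", "prvs=0107000000=bobo@abc.com", 102),   # forged tag
    ("", tag_sender("bobo@abc.com", 100), 120),                       # 20 days old
    ("alice@example.net", "bobo@abc.com", 102),                       # normal mail
]


def classify_sessions(sessions=SAMPLE_SESSIONS):
    """Return the (accept, reason) verdict for each sample envelope."""
    return [smtp_bounce_policy(mf, rt, day) for mf, rt, day in sessions]


if __name__ == "__main__":
    for (mf, rt, day), verdict in zip(SAMPLE_SESSIONS, classify_sessions()):
        print(f"MAIL FROM:<{mf}> RCPT TO:<{rt}> day={day} -> {verdict}")
```

Because the tag is checked at RCPT TO, an invalid bounce is refused inside the SMTP session with a 5xx reply, so the gateway neither stores it nor generates a bounce of its own in return. The key must be the same on every gateway that relays the domain's outgoing mail, and the tagged address must be what goes into MAIL FROM, not merely the From: header, since that is the address a remote NDR is sent to.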

In the log search, filtering on the block reason "Invalid Bounce" shows all the records of spam bounces that were blocked.