NDR SPAM BLOCKING

Spam generates an enormous amount of traffic that is both time-consuming to handle and resource intensive. In addition, a large number of organizations have been victims of NDR spam, which has an effect similar to a Distributed Denial of Service on the email system. In this paper we provide a technical explanation of NDR spam and recommend solutions that can prevent or limit exposure to this kind of unsolicited email.

What is a Non-Delivery Report?

Email systems support a service called Delivery Status Notification (DSN). This feature allows end users to be notified of successful or failed delivery of email messages. Examples include sending a report when email delivery has been delayed or when an email message has been successfully delivered.

 

How to reduce exposure to NDR spam?

If you are responsible for a network that is a victim of NDR spam or backscatter, there are only a few preventive measures that you can take. One of the more straightforward solutions is to turn off your catchall mailboxes. When this feature is disabled, unless the spammer spoofs your email address, your mail server will not accept non-delivery reports for email addresses which do not exist on your mail server.

If, on the other hand, you are responsible for an email server that is causing NDR spam, then it is recommended that you configure the mail server to reject during SMTP transmission rather than bounce email messages which cannot be delivered. Various email servers such as Microsoft Exchange, Postfix, Sendmail and Qmail have patches to improve the behavior to create less backscatter. One can find online resources which detail [4] how to configure these servers to prevent the NDR spam problem getting worse.
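The difference between rejecting during the SMTP session and bouncing afterwards, as an added Python model that is not from the original paper or from any mail server's code. The mailbox list, the addresses and the reply strings are constructed for illustration.

```python
# Added example: constructed addresses; not GFI's or any mail server's code.
LOCAL_MAILBOXES = {"alice@example.org", "bob@example.org"}  # constructed

def receive(mail_from, rcpts, reject_at_rcpt):
    """Model how the receiving server handles one envelope.

    Returns (dialogue, ndrs): SMTP replies given during the session and the
    non-delivery reports the server generates after it.
    """
    dialogue = [(f"MAIL FROM:<{mail_from}>", "250 2.1.0 Ok")]
    accepted, undeliverable = [], []
    for rcpt in rcpts:
        if rcpt.lower() in LOCAL_MAILBOXES:
            accepted.append(rcpt)
            reply = "250 2.1.5 Ok"
        elif reject_at_rcpt:
            # Refused inside the session: the connecting client owns the failure.
            reply = "550 5.1.1 User unknown"
        else:
            # Accepted now, found undeliverable only after the session ends.
            undeliverable.append(rcpt)
            reply = "250 2.1.5 Ok"
        dialogue.append((f"RCPT TO:<{rcpt}>", reply))
    if accepted or undeliverable:
        dialogue.append(("DATA", "354 End data with <CR><LF>.<CR><LF>"))
    else:
        dialogue.append(("DATA", "554 5.5.1 No valid recipients"))
    # The NDR goes to the envelope sender, which the spammer chose: backscatter.
    # A message with a null sender (itself a bounce) is never bounced again.
    ndrs = [{"mail_from": "", "rcpt_to": mail_from, "failed": r, "status": "5.1.1"}
            for r in undeliverable if mail_from]
    return dialogue, ndrs

def backscatter_count(spam_run, reject_at_rcpt):
    """Count the NDRs each envelope sender would receive from this server."""
    hits = {}
    for mail_from, rcpts in spam_run:
        for ndr in receive(mail_from, rcpts, reject_at_rcpt)[1]:
            hits[ndr["rcpt_to"]] = hits.get(ndr["rcpt_to"], 0) + 1
    return hits

# Constructed spam run: one forged sender, five guessed recipients, one real one.
SPAM_RUN = [("victim@victim.example",
             [f"user{i}@example.org" for i in range(5)] + ["alice@example.org"])]

if __name__ == "__main__":
    print("accept-then-bounce:", backscatter_count(SPAM_RUN, False))
    print("reject at RCPT TO: ", backscatter_count(SPAM_RUN, True))
```

With rejection at RCPT TO the server never takes responsibility for the undeliverable message, so it has nothing to bounce to the forged sender.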

A better solution

The latest version of GFI’s MailEssentials for Exchange and SMTP [5] allows automated blocking of NDR spam. This solution does not require any changes to be made on the mail server’s side.
GFI’s MailEssentials scans NDR emails by making use of the existing Anti-spam features employed by MailEssentials, such as the Bayesian Filter, DNS Blacklists, Sender URI RealTime Blocklists and Keyword Checking. GFI MailEssentials will also make use of the Directory Harvesting feature [6] on the Gateway to drop email messages and NDRs sent to nonexistent users. If the NDR makes it past these protection mechanisms, then the email message is checked against the “NewSender” feature. This feature allows end users to receive only legitimate non-delivery reports, thus allowing them to focus on actual work rather than cleaning up the mailbox.

Visit the website given below to download GFI MailEssentials:

http://www.gfi.com/mes/
