--> Bounce Email is generated whenever email does not reach the recipient email inbox and delivery status notification is created and sent to the sender email address to notify there is an issue in sending the email to the recipient
--> There are two types of email bounces:
1) hard bounces: Hard bounces are permanent failures that occur when an email is sent to an recipient email address that does not exist or invalid.
2) soft bounces : Soft bounces are temporary failures occur when the recipient email address inbox is full or having issues with the Email Server of recipient email address
--> Backscatter emails are bulk bounce messages received by an individual for emails that were never sent by them.
--> Spammers sometimes fraudulently use others' email addresses as the sender email address in the message envelope (MAIL FROM) when delivering spam.
--> When an email cannot be delivered, email servers often return a a delivery status notification (DSN) message, sometimes also known as a bounce message, to the sender email address located in the message envelope.
--> While DSNs are normally useful in notifying email users when an email could not be delivered, in this case, it could result in delivery of a DSN to an email user who never actually sent the original message.
--> Because the invalid bounce message is from a valid email server, it can be difficult to detect as invalid.
--> The intention of spammers using backscattering is to find a workaround to deal with the anti-spam filters set up by an organization and fill the user's mailbox with spam emails and in turn, hack sensitive data
--> Bounce Verification is a very good way to prevent backscatter/bounce attacks on the Email Servers of an organization
--> Bounce Verification allows the Fortimail to avoid the Denial of Service DOS of your email infrastructure
--> The Bounce Verification works on the simple concept of adding the unique tags by fortimail for every outbound mail in the envelope sender address as it is sent through Fortimail
--> Bounce address tagging is applied to the sender email address in the message envelope only; it is not applied to the sender email address in the message header
--> If the email server for the recipient email domain cannot deliver the email, it will send a bounce message whose recipient is the tagged email address. When the bounce message arrives at the FortiMail unit,If the tag is successfully verified, the bounce verification scan removes the tag, restoring the recipient email address to one known by the protected domain, and allows the bounce message.
--> The DSN's which are sent by Spammers does not contain any Bounce Tags when it arrives on the Fortimail, It will be dropped by Fortimail.
0 comments:
Post a Comment