Outgoing Traffic and Bounces

Popularity: 8
Simplicity: 7
Impact: 10
Risk Rating: 8

Malicious email traffic is usually thought of as something coming into your network and reaching your users, but malicious email traffic going out from your network is also a critical security problem that you must address.

Depending on the type of organization and its security policies, you may or may not care about the traffic that your network users are sending out. This is especially true for service providers, which might have different policies from the typical corporate network.

Monitoring and properly managing your outgoing traffic is very important; a slight mistake can cost you and your users a couple of days of blocked or lost email traffic. If you get blacklisted or greylisted, getting your organization removed from the list will take some time, and it will be very annoying for your users when they find out that the emails they're sending aren't being received.

Bounce messages are sent when your server cannot report an invalid recipient and/or condition over the SMTP connection with the connecting MTA (or MUA), and therefore has to report a delayed error in a separate message. This can happen on any mail server that is in the middle of an SMTP route (and is therefore not the final server that performs local delivery) and doesn't have information about valid recipients and/or end filtering.

Even if your network doesn't directly allow outgoing malicious email traffic, every mail server is bound to send a certain amount of unsolicited email in the form of email bounces. Malicious emails often target invalid users in their effort to "harvest" your mail domain and discover legitimate addresses. The side-effect is many email bounces going out from your network to the envelope sender of the malicious emails. Most of the time, however, the sender of such emails has been spoofed in order to avoid detection and traceability, which means your bounces go to an address that never sent the email in the first place.

Every day, mailboxes on the Internet get a reply message to something they never sent—common "background noise" for today's email traffic. Although completely legitimate from an SMTP point of view, these bounces might be treated as malicious traffic by the receiving side, especially if they carry the original message body.

<Verbatim listing 13> [bounce message example]

From: Mail Delivery Subsystem <[email protected]>
To: [email protected]
Subject: Returned mail: see transcript for details

[-- Attachment #1 --]
[-- Type: text/plain, Encoding: 7bit, Size: 0.5K --]

The original message was received at Mon, 5 Mar 2007 04:57:32 -0300
from 190-48-227-213.speedy.com.ar [190.48.227.213] (may be forged)

----- The following addresses had permanent fatal errors -----
<[email protected]>
    (reason: 550 <[email protected]>... User unknown)

... while talking to mail.fhycs.unju.edu.ar.:
>>> RCPT To:<[email protected]>
<<< 550 <[email protected]>... User unknown
550 5.1.1 <[email protected]>... User unknown

[-- Attachment #2 --]
[-- Type: message/delivery-status, Encoding: 7bit, Size: 0.3K --]

Reporting-MTA: dns; huayraint.unju.edu.ar
Arrival-Date: Mon, 5 Mar 2007 04:57:32 -0300

Final-Recipient: RFC822; [email protected]
Action: failed
Remote-MTA: DNS; mail.fhycs.unju.edu.ar
Diagnostic-Code: SMTP; 550 <[email protected]>... User unknown
Last-Attempt-Date: Mon, 5 Mar 2007 11:18:27 -0300

[-- Attachment #3 --]
[-- Type: message/rfc822, Encoding: 7bit, Size: 4.5K --]

Date: Mon, 05 Mar 2007 09:50:37 +0200 (CST)
To: [email protected]
Subject: Semana Santa, Penso en Gesell?
From: Semana Santa en y Vacaciones en familia <[email protected]>
</Verbatim listing>
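
The bounce in the listing has three parts: a human-readable notice, a machine-readable message/delivery-status report, and the returned original as message/rfc822. The following Python sketch is an added example, not part of the original text; it parses a constructed bounce (every host and address is a placeholder, and `audit_bounce` is a hypothetical helper name) to report where the bounce is going, which recipients failed, and whether the full original message is being sent back.

```python
import email
from email import policy
# Constructed sample bounce; every host and address is a placeholder.
SAMPLE_DSN = """\
From: Mail Delivery Subsystem <MAILER-DAEMON@relay.example.org>
To: spoofed-sender@example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: text/plain

<nouser@example.com> (reason: 550 User unknown)
--B
Content-Type: message/delivery-status

Reporting-MTA: dns; relay.example.org

Final-Recipient: RFC822; nouser@example.com
Action: failed

--B
Content-Type: message/rfc822

Subject: constructed spam subject

constructed spam body
--B--
"""

def _value(field):  # "dns; host" or "RFC822; addr" -> "host" / "addr"
    return (field or "").partition(";")[2].strip()

def audit_bounce(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    report = {"bounce_to": str(msg["To"]), "reporting_mta": None,
              "failed": [], "returns_original": False}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            # Parsed as header blocks: per-message first, then per-recipient.
            for block in part.get_payload():
                if block["Reporting-MTA"]:
                    report["reporting_mta"] = _value(block["Reporting-MTA"])
                if (block["Action"] or "").strip().lower() == "failed":
                    report["failed"].append(_value(block["Final-Recipient"]))
        elif ctype == "message/rfc822":
            # The whole original (spam body included) goes to a third party.
            report["returns_original"] = True
    return report
```

Run over a sample of your outbound bounces, a high share with `returns_original` set means your servers are returning full message bodies to envelope senders that may have been spoofed.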
