DSN: User Unknown

Prev: sendmail bounces
Next: Secure Setup with Sendmail

From: NPG on 23 Jul 2007 16:43

---

What are the recommended best practices for sending these messages from
ones domain? Especially when the envelope recipient is a nonexistent user.

Scenario #1
user(a)example.com sends mail to nonexistatnuser(a)our.domain.com.
Should we send back a DSN email?

We have seen this and usually block the sending host.

Scenario #2
Some spammer sends mail to user(a)example.net with an envelope sender of
nonexistantuser(a)ourdomain.com. user(a)example.net however does not exist
and their MTA sends us a DSN for something we never sent.

We have seen this and are concerned about the possibility of our MTA
doing it to others.

Thanks

From: Grant Taylor on 23 Jul 2007 18:13

---

On 07/23/07 15:43, NPG wrote:
> What are the recommended best practices for sending these messages
> from ones domain? Especially when the envelope recipient is a
> nonexistent user.

The best practice with regards to delivery status notifications for
invalid recipients is to reject messages to invalid recipients at the
border before you accept messages and thus would need to send DSN: User
unknown notifications.

> Scenario #1
> user(a)example.com sends mail to nonexistatnuser(a)our.domain.com. Should
> we send back a DSN email?

You should not accept the message in the first place, thus not need to
send back a DSN. If you do accept the messages, you have accepted
responsibility to deliver the message(s) -OR- notify the sending part of
the failed delivery. So, if you do accept the original message, you
really should send the DSN. This is why it is so much better to not
accept the messages to invalid recipients in the first place.

> We have seen this and usually block the sending host.

Which host do you block? The host sending the DSN or the host sending
the message to the invalid recipient?

> Scenario #2
> Some spammer sends mail to user(a)example.net with an envelope sender
> of nonexistantuser(a)ourdomain.com. user(a)example.net however does not
> exist and their MTA sends us a DSN for something we never sent.

This is more commonly known as "Back Scatter" and is a fact of life on
the internet. If this gets to be too big of a problem, you can install
filters like Milter-Null to help block back scatter prior to accepting
it in to your mail system.

> We have seen this and are concerned about the possibility of our MTA
> doing it to others.

This is a valid concern. The best answer to this is to not accept the
messages in the first place. I.e. educate your border SMTP server(s) as
to valid and invalid recipients.



Grant. . . .

From: NPG on 28 Jul 2007 22:27

---

* Grant Taylor wrote:
> On 07/23/07 15:43, NPG wrote:
>> What are the recommended best practices for sending these messages
>> from ones domain? Especially when the envelope recipient is a
>> nonexistent user.
>
> The best practice with regards to delivery status notifications for
> invalid recipients is to reject messages to invalid recipients at the
> border before you accept messages and thus would need to send DSN: User
> unknown notifications.
>
>> Scenario #1
>> user(a)example.com sends mail to nonexistatnuser(a)our.domain.com. Should
>> we send back a DSN email?
>
> You should not accept the message in the first place, thus not need to
> send back a DSN. If you do accept the messages, you have accepted
> responsibility to deliver the message(s) -OR- notify the sending part of
> the failed delivery. So, if you do accept the original message, you
> really should send the DSN. This is why it is so much better to not
> accept the messages to invalid recipients in the first place.
>
>> We have seen this and usually block the sending host.
>
> Which host do you block? The host sending the DSN or the host sending
> the message to the invalid recipient?
The host sending the invalid recipient.
>
>> Scenario #2
>> Some spammer sends mail to user(a)example.net with an envelope sender of
>> nonexistantuser(a)ourdomain.com. user(a)example.net however does not
>> exist and their MTA sends us a DSN for something we never sent.
>
> This is more commonly known as "Back Scatter" and is a fact of life on
> the internet. If this gets to be too big of a problem, you can install
> filters like Milter-Null to help block back scatter prior to accepting
> it in to your mail system.
>
I'll have to take a look at that.
>> We have seen this and are concerned about the possibility of our MTA
>> doing it to others.
>
> This is a valid concern. The best answer to this is to not accept the
> messages in the first place. I.e. educate your border SMTP server(s) as
> to valid and invalid recipients.
Sounds like the "right thing" thanks

From: Grant Taylor on 30 Jul 2007 14:54

---

On 07/28/07 21:27, NPG wrote:
> The host sending the invalid recipient.

There is little that you can do to stop other hosts from sending to an
invalid recipient in your domain. The best that you can do is to
educate your border SMTP server(s) so that they do not accept messages
to invalid recipients.

> I'll have to take a look at that.

*nod*

> Sounds like the "right thing" thanks

Indeed.



Grant. . . .

 | 
Pages: 1
Prev: sendmail bounces
Next: Secure Setup with Sendmail