What is a Reverse NDR Attack
The non-delivery report (NDR) is generated when an email message is not able to be sent to the next hop.
Spammers can use NDR as a method to generate spam towards victims by using the victim's email address as the sender. This is called a reverse NDR Attack.
Consider the following scenario:
Since invalid@yourDomain.com does not exist, your email server will generate an NDR. However, that NDR will get sent to Bob instead of Jim, because Jim forged the sender to be Bob instead of Jim.
Refer to the diagram below for more information:
Preventing such attacks in Xeams
There are two features in Xeams that will help against a reverse NDR attack.
- Configure Xeams to reject invalid users. This is done by specifying a valid list of users or integrating with Active Directory.
- Configure how NDRs are generated.
After logging in as admin, go to Smtp Server Configuration and select the Advanced Tab. Following bullets describe two important configuration parameters.
This option configures whether to attach the original email message in the NDR. By default, this option is disabled.
It is highly recommend to leave this option disabled to prevent spammed messages.
Generate NDRs only for outbound emails:
This option only allows NDRs to be generated for outbound emails. This prevents the reverse NDR attack where someone uses your email server to bounce back spam messages.
||5/18/16 10:11 AM
|Last updated on:
||5/18/16 10:14 AM