What is a Reverse NDR Attack
A non-delivery report (NDR) is generated when an email message cannot be delivered to the next hop.
Spammers can use NDRs to send spam to victims by forging the victim's email address as the sender. This is called a reverse NDR attack.
Consider the following scenario:
Since invalid@yourDomain.com does not exist, your email server will generate an NDR. However, that NDR will get sent to Bob instead of Jim, because Jim forged the sender to be Bob instead of Jim.
Refer to the diagram below for more information:
Preventing such attacks in Xeams
There are two features in Xeams that will help against a reverse NDR attack.
- Configure Xeams to reject invalid users. This is done by specifying a valid list of users or integrating with Active Directory.
- Configure how NDRs are generated.
Configuring NDRs
After logging in as admin, go to Smtp Server Configuration and select the Advanced tab. The following bullets describe two important configuration parameters.
Include Original:
This option configures whether to attach the original email message in the NDR. By default, this option is disabled.
It is highly recommended to leave this option disabled so that NDRs do not carry spammed messages.
Generate NDRs only for outbound emails:
This option only allows NDRs to be generated for outbound emails. This prevents the reverse NDR attack where someone uses your email server to bounce back spam messages.
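The effect of these settings can be modelled in a few lines. The following is an added example, not Xeams code: the Policy field names, the action labels, the sample addresses and the assumption that an inbound message to an unknown user is simply not bounced when NDRs are limited to outbound mail are all constructed for illustration.

```python
from dataclasses import dataclass

LOCAL_DOMAIN = "yourdomain.com"            # constructed sample domain
VALID_USERS = {"alice@yourdomain.com"}     # constructed valid-user list

@dataclass(frozen=True)
class Policy:                              # hypothetical names, not Xeams settings keys
    reject_invalid_users: bool             # refuse unknown recipients in the SMTP session
    ndr_outbound_only: bool                # never generate NDRs for inbound mail
    include_original: bool = False         # attach the original message to the NDR

def handle_inbound(policy, mail_from, rcpt_to, body):
    """Model one inbound delivery attempt; return (action, ndr_recipient, ndr_body)."""
    rcpt = rcpt_to.lower()
    if not rcpt.endswith("@" + LOCAL_DOMAIN):
        raise ValueError("this model only covers mail addressed to the local domain")
    if rcpt in VALID_USERS:
        return ("deliver", None, None)
    if policy.reject_invalid_users:
        # The refusal stays inside the SMTP session with the connecting client;
        # nothing is mailed to the (possibly forged) envelope sender.
        return ("reject-550", None, None)
    if policy.ndr_outbound_only:
        return ("no-ndr", None, None)      # assumption: the message is simply not bounced
    # Weak configuration: the server accepts the message, then mails an NDR
    # to whatever address the envelope sender claimed to be.
    ndr = "Delivery to %s failed: no such user." % rcpt
    if policy.include_original:
        ndr += "\n--- original message ---\n" + body
    return ("send-ndr", mail_from, ndr)

def backscatter_targets(policy, attempts):
    """Addresses that would receive an NDR for a batch of (from, to, body) attempts."""
    results = (handle_inbound(policy, *a) for a in attempts)
    return sorted({to for action, to, _ in results if action == "send-ndr"})

# Constructed sample traffic: the sender address is forged to be Bob's.
ATTEMPTS = [
    ("bob@example.org", "invalid@yourDomain.com", "BUY NOW"),
    ("bob@example.org", "alice@yourdomain.com", "hello"),
]
WEAK = Policy(reject_invalid_users=False, ndr_outbound_only=False, include_original=True)
HARDENED = Policy(reject_invalid_users=True, ndr_outbound_only=True)

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, backscatter_targets(pol, ATTEMPTS))
```

With the weak policy Bob receives an NDR containing the spam body; with either protective setting enabled, no NDR reaches him.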
Created on: May 18, 2016
Last updated on: Mar 29, 2023