Email Security.cloud

This is called Backscatter where a portion of messages received when an email address is set as the sender on spam messages. The drawback of this is that the innocent party whose email address was forged will then receive a bounce notifications, out of office replies, challenge response messages and more. While unwanted, backscatter messages are coming from a legitimate sources and are not deemed as SPAM (Unsolicited Bulk Email).

If you are receiving unwanted bounce mails, you can stop them by some simple filtering either on your mail server or in your end users' mail clients. The right method of doing this will vary from server to server and client to client. We mark mails that appear to be bounces or NDRs with a special rule, ML_IS_POSSIBLE_BOUNCE. This rule, along with other rules that the message matches, will be in the X-SpamReason header of the message. Therefore, your filter should look for ML_IS_POSSIBLE_BOUNCE anywhere in the message's X-SpamReason header.

If you decide to implement this type of filtering, there are two issues you should be aware of:

• There is no standardized format for bounce mails. The ML_IS_POSSIBLE_BOUNCE rule is quite comprehensive, but we cannot guarantee that it will identify all bounce mails.
• This rule does not discriminate between bounces caused by spammers spoofing your addresses in their From Headers and legitimate bounce mails. A legitimate bounce mail might be where one of your users has mistyped the email address of a business message, and the destination mail server then rejecting the message. If bounce mails are blocked, users may get no warning of this.

These two issues should be carefully considered before you start filtering.

If your situation doesn't allow you to utilize the method describe above, please contact Broadcom Technical Support team for further assistance.