You are receiving bounce messages for messages not sent from your environment.
A bounce attack occurs when a spammer obscures message origins by using one email server to bounce spam to an address on another server. The spammer does this by inserting a target address into the "Mail From" value in the envelope of their messages then sending those messages to another address.
If the initial recipient finds the message undeliverable, that mail server recognizes the forged "Mail From" value as the original sender, and returns or "bounces" the message to that target. When the targeted system recognizes the server from which the message was bounced as a legitimate sender, it accepts the message as a legitimate non-deliverable receipt (NDR) message.
Bounce attacks can be used to leverage the initial recipient's "good" reputation when sending spam, pollute the initial recipient's IP reputation, or create denial of service attacks at the target's server.
To set up Bounce Attack Prevention for your mail system, you must:
(NOTE: For successful processing you must also ensure that all of your applicable outbound mail is routed through the appliance)
Once your system is configured for Bounce Attack Prevention, Symantec Messaging Gateway calculates a unique tag that uses the provided seed value as well as the current date. Your Scanner attaches this tag to outbound messages sent by users in your defined policy groups.
If the message is then returned as undeliverable, the envelope's return address will contain this tag.
When the system receives a message that appears to be a message returned as undeliverable, the system will compare the inbound message's recipient with the policy group configuration to see if the user's policy group is configured for Bounce Attack Prevention. If the policy group is configured, the system calculates a new tag that includes the seed value and current date, then uses that new tag to validate the tag in the email.
A valid tag on an inbound NDR will include the following:
Based on this evaluation, Symantec Messaging Gateway will do the following:
(NOTE: Bounced messages over 50k are truncated. Attachments in truncated messages may be unreadable)