Messaging Gateway

Hi All,

We have enabled bounce attack prevention feature & we have observed that lots of out off office reply emails are getting blocked due to BAP.

Please let me know if any one have faced the same issue & what is the resolution ofr the same.

Regards,
Laeek

Hi,

Are these out of office replies sent in response to legitimate emails? The BAP feature should only block bounces and out of office replies which were sent in response to spam emails with forged headers that did not pass through the Symantec Brightmail Gateway on outbound.

This is a common technique used by spammers - in the past 7 days on an hourly basis, there was a peak of 15% of all spam being sent via bounces and out of office replies. Spammers sometimes do this deliberately in order to have legimate mail servers deliver their mails and to increase the read rate of these emails.

Amanda

Hello Amanda,

Yes, out of office emails are genuine email as we got a request from the sender to track in SBG.

Regards,
Laeek

Are your "bounce" e-mails always leaving via the Brightmail infrastructure?  When I first turned on BAP I found that one of our exchange servers had a direct path to the internet.  So much for tagging with BAP.

Actually another possible issue here is how some MTA's send OOTO's.  Normally with OOTO's a reply from the original recipient will get sent back to your internal user, it will have the BAP tag and will get back in no problem.  We have seen some MTA's create new messages in response to OOTO's and send them from the null sender '<>' address.  In this situation, as this is a new message coming from the null sender address and there is no BAP tag this can be an issue and the OOTO could be deleted/rejected.

Probably worth checking into how the MTA in question is handling things...

Kevin