Hi,

Are you using BAP?  The rejected NDRs will usually have a NULL sender value which could explain this.
Also, you could see the messages rejected at connection time on a reputation basis in this report.  Because they are rejected before the SMTP conversation, we don't know the sending domain.

HTH

//ian

Question, what is BAP? and we are getting the exact same thing, about 17.000 emails per day as (none) and i have no idea what this is or what i can do about it, any idea?

The senders = (none) are usually NDR's, if you are being hardly hit by NDR attacks I would suggest enabling BATV (Bounce Address Tag Verification) if your outbound mail goes out through the appliances otherwise it won't work.

Also, on version 8.x and later there was a major improvement on our reputation technology and it can probably increase the number of (none) a lot since the reputation will catch a lot more Spam.

Is your appliance is configure for Inbound and Outboud, if yes then you can configure BAP, which will prevent Non-valid NDRs or NDR attack.

Hi Milindhf,

The category “none” are for senders that cannot be identified. For example, spam coming from zombie network. Zombies have been used extensively to send e-mail spam, an estimated 50-80% of all spam worldwide was sent by zombie computers. This allows spammers to avoid detection.

Below is the official symantec document about "Top sender report that shows sender (None)" for additional info.

http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009080608193054

Please "mark it as solution" if this solves your concern.