Users has received bounced emails, although he never sent out emails to the senders of these emails. User mail box has getting bulk of failures mail from another domain and notifications from third party domain.
In the event that the original recipient finds the message undelivered in his mail box, that mail server observes the produced “Mail From” respect as the first sender, and returns or “skips” the message to that objective or recipient. At the point when the focused on framework observes the server from which the message was reflected as a real sender, it acknowledges the message as an authentic non-deliverable receipt (NDR) message. Bouncer attacker identified that the sender message is genuine sender while sending the spam to original message. As that point attacker can be trigger the spam bouncer mail to genuine message sender.
For preventing the bounce attack for your mail system.
- Login in your Symantec Messaging Gateway
- Go to the “Administrator” –> Control Center –> Certificates
- Bounce attack prevention seeds
- Go to Administrator –> Users –> Policy Groups –> Spam
- Enable the “Enable bounce attack prevention for this policy group” need to give action from Email policy. And save it.
Once you will enable the bounce attack prevention then after that observe bounce attack event in audits logs.