
How can I prevent "Backscatter" on my Email Security Gateway?

  • Type: Knowledgebase
  • Date changed: 8 months ago
Solution #00001720

Scope:
Applies to all Email Security Gateways, all firmware versions.
 

Answer:
With the default and recommended configuration, Email Security Gateways do not generate backscatter. The Email Security Gateway rejects most invalid, spam, and virus email messages at the connection management level before actually receiving them. Of the Email Security Gateway's 12 layers of defense, blocking during the first five layers (denial of service protection, rate controls, IP reputation, sender authentication, and recipient verification) ultimately results in an SMTP deferral or rejection. In these cases, the Email Security Gateway does not receive the message and has no control over whether the sender's email server generates and delivers an NDR or bounce message to the sender.

The final 7 Email Security Gateway defense layers involve actually receiving the email message to inspect its contents. These layers include virus scanning, user policy, fingerprint analysis, Intent Analysis, image analysis, Bayesian filtering, and spam rule scoring. By default, the sending addresses of emails that are blocked during these inspection layers do not receive notifications that their email was blocked.
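The following added example (a toy model, not vendor code) contrasts the two groups of layers: messages refused during the SMTP dialogue versus messages received and then blocked. The `notify_sender` flag is a hypothetical stand-in for the sender notification and bounce options this article covers, and all addresses, IPs and spam markers are constructed sample data.

```python
# Added illustration, not vendor code; all addresses, IPs and markers are constructed.
VALID_RECIPIENTS = {"alice@example.com"}
LOW_REPUTATION_IPS = {"203.0.113.9"}
SPAM_MARKERS = ("cheap pills",)


def handle_message(msg, notify_sender=False):
    """Return (disposition, ndrs_generated_by_gateway) for one message."""
    # Connection-level layers: refused in the SMTP dialogue, before the
    # message is received. Any NDR is the sending server's decision.
    if (msg["client_ip"] in LOW_REPUTATION_IPS
            or msg["rcpt_to"] not in VALID_RECIPIENTS):
        return "smtp-reject", []
    # Content layers: the message has been received and is inspected.
    if any(marker in msg["body"].lower() for marker in SPAM_MARKERS):
        if not notify_sender:
            return "blocked-after-receipt", []
        # The envelope sender is unverified; if forged, this NDR lands
        # in the mailbox of someone who never sent the message.
        ndr = {"mail_from": "<>", "rcpt_to": msg["mail_from"]}
        return "blocked-after-receipt", [ndr]
    return "delivered", []


def backscatter_targets(messages, notify_sender):
    """Addresses that would receive an NDR generated by the gateway."""
    targets = []
    for msg in messages:
        _, ndrs = handle_message(msg, notify_sender)
        targets.extend(ndr["rcpt_to"] for ndr in ndrs)
    return targets


# Constructed traffic: spam forging victim@example.net as the envelope sender.
SAMPLE = [
    {"client_ip": "203.0.113.9", "mail_from": "victim@example.net",
     "rcpt_to": "alice@example.com", "body": "Cheap pills here"},
    {"client_ip": "198.51.100.7", "mail_from": "victim@example.net",
     "rcpt_to": "nobody@example.com", "body": "Cheap pills here"},
    {"client_ip": "198.51.100.7", "mail_from": "victim@example.net",
     "rcpt_to": "alice@example.com", "body": "Cheap pills here"},
    {"client_ip": "198.51.100.7", "mail_from": "bob@example.org",
     "rcpt_to": "alice@example.com", "body": "Lunch on Friday?"},
]

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, backscatter_targets(SAMPLE, notify_sender=flag))
```

With notifications off, the gateway in this model generates no NDRs; with them on, the forged sender address receives one for the message that passed the connection-level checks.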

For the purposes of tuning or evaluating the Email Security Gateway, there are options to enable bounce messages to notify senders that the Email Security Gateway rejected spam emails, virus emails, or emails violating configured policy. If you receive complaints of "backscatter", you should ensure that you have configured your Email Security Gateway to match the following settings:


Firmware version 3.5.x and earlier

 

  • On the Basic > Virus Checking page, set the Notify Sender of Virus Interception to No. This is the default and recommended value.
  • On the Basic > Spam Scoring page, set Send Bounce to No. This is the default and recommended value.
  • On the Block/Accept > Attachment Filtering page, set Notify Sender of Banned File Interception and Notify Intended Recipient of Banned File Interception to No.


Firmware version 4.0.x and later

 

  • Under Advanced > Bounce/NDR Settings, set Notify Sender of Banned File Interception and Notify Intended Recipient of Banned File Interception to No.
  • Under Advanced > Bounce/NDR Settings, set Send Bounce to No.

Firmware version 5.0.x and later

  • Under Block/Accept > Sender Authentication > Invalid Bounce Suppression

Additional Notes:
To avoid receiving backscatter when behind one or more Email Security Gateways, see Solution #00003619.

 
Link to This Page:
https://campus.barracuda.com/solution/50160000000GTrgAAG