Article Spammers may sometimes use the delivery status notification (DSN) mechanism to bypass antispam measures. In this attack, sometimes called "backscatter", the spammer spoofs the email address of a legitimate sender and intentionally sends spam to an undeliverable recipient, expecting that the recipient's email server will send a DSN back to the sender to notify him/her of the delivery failure. Because this attack utilizes innocent email servers and a standard notification mechanism, many antispam mechanisms may be unable to detect the difference between legitimate and spoofed DSN.
To detect backscatter:
- Enable bounce address tagging and configure an active key (located under AntiSpam > Bounce Verification > Settings).
- Next, disable both the "Bypass Bounce Verification" option (located under Mail Settings > Domains) and the "Bypass Bounce Verification check" option (located under Profile > Session > Session Configuration).
- In addition, verify that all outgoing and incoming email passes through the FortiMail unit. The FortiMail unit will not be able to tag email, or recognize legitimate DSN for previously sent email, if all email does not pass through it.
