
What is a Reverse NDR Attack

A non-delivery report (NDR) is generated when an email message cannot be delivered to the next hop.

Spammers can abuse NDRs to deliver spam to victims by using the victim's email address as the sender. This is called a reverse NDR attack.

Consider the following scenario:

  • Bob (the victim) has the email address bob@Victim.com.
  • You run an email server that accepts messages for @yourDomain.com. In addition, it accepts messages for valid as well as invalid users.
  • Jim (the attacker) wants to send a spam message to Bob. However, instead of sending it directly to Bob, he sends it through your email server. He does this to prevent his IP address from getting blacklisted.
  • Jim composes an email with the following values for Sender and Recipient:
    From: Bob@Victim.com
    To: invalid@yourDomain.com
    
Since invalid@yourDomain.com does not exist, your email server will generate an NDR. However, that NDR will get sent to Bob instead of Jim, because Jim forged the sender to be Bob instead of Jim.
Refer to the diagram below for more information:
[Image: ReverseNDR.png]

Preventing such attacks in Xeams

There are two features in Xeams that will help against a reverse NDR attack.
  • Configure Xeams to reject invalid users. This is done by specifying a valid list of users or integrating with Active Directory.
  • Configure how NDRs are generated.
    Configuring NDRs
    After logging in as admin, go to Smtp Server Configuration and select the Advanced Tab. The following items describe two important configuration parameters.

    Include Original:
    This option configures whether to attach the original email message to the NDR. By default, this option is disabled. It is highly recommended to leave this option disabled so that spam messages are not carried inside NDRs.

    Generate NDRs only for outbound emails:
    This option only allows NDRs to be generated for outbound emails. This prevents the reverse NDR attack where someone uses your email server to bounce back spam messages.
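
The effect of the two settings on the scenario above can be modeled in a few lines. This is an added example, not Xeams code: the `Policy` field names, the sample user list and the second envelope are assumptions made up for illustration.

```python
from dataclasses import dataclass

LOCAL_DOMAIN = "yourdomain.com"            # domain from the scenario above
VALID_USERS = {"alice@yourdomain.com"}     # constructed sample user list

@dataclass
class Policy:                              # hypothetical names, not Xeams settings keys
    reject_invalid_users: bool             # models "reject invalid users"
    ndr_outbound_only: bool                # models "Generate NDRs only for outbound emails"

def handle_message(policy, mail_from, rcpt_to, next_hop_fails=False):
    """Return (smtp_reply_code, ndr_recipient_or_None) for one envelope."""
    sender, rcpt = mail_from.lower(), rcpt_to.lower()
    if rcpt.endswith("@" + LOCAL_DOMAIN):              # inbound mail
        if rcpt in VALID_USERS:
            return 250, None                           # delivered locally
        if policy.reject_invalid_users:
            return 550, None                           # refused in-session, no NDR mail
        if policy.ndr_outbound_only:
            return 250, None                           # accepted, failure not bounced
        return 250, sender                             # NDR to envelope sender (may be forged)
    # Outbound mail (assumed to come from an authenticated local user).
    return 250, (sender if next_hop_fails else None)

def ndr_recipients(policy, envelopes):
    """List every address that would receive an NDR from this server."""
    out = []
    for mail_from, rcpt_to, fails in envelopes:
        _, ndr_to = handle_message(policy, mail_from, rcpt_to, fails)
        if ndr_to:
            out.append(ndr_to)
    return out

# Constructed envelopes: the forged message from the scenario, plus a
# legitimate outbound message whose next hop fails.
ENVELOPES = [
    ("Bob@Victim.com", "invalid@yourDomain.com", False),
    ("alice@yourdomain.com", "carol@example.net", True),
]

WEAK = Policy(reject_invalid_users=False, ndr_outbound_only=False)
HARDENED = Policy(reject_invalid_users=True, ndr_outbound_only=True)

if __name__ == "__main__":
    print("weak:    ", ndr_recipients(WEAK, ENVELOPES))
    print("hardened:", ndr_recipients(HARDENED, ENVELOPES))
```

With both settings enabled, Bob no longer receives an NDR, while the local sender of a genuinely failed outbound message still does.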


Created on: May 18, 2016
Last updated on: Apr 20, 2024


Christian Gugliucci 345 days ago

I want to congratulate your team!
This Reversible NDR Attack picture is perfect to explain this Threat.

zhangyiyi 326 days ago

Hello, it was a pleasure reading your article. Your article has helped me a lot. My mail service received a lot of RCPT attacks yesterday. Have you encountered a similar situation? Is there a good solution? Looking forward to your reply.