Configuring Bounce Attack Protection Settings

Procedure

1. Go to Administration → Sender Filtering/Authentication → Bounce Attack Protection.
2. Select Enable bounce attack protection.
3. Configure the following settings.

   Field	Description
   Monitoring duration	Select the number of hours that Deep Discovery Email Inspector monitors email traffic to see if the percentage of messages signaling a bounce attack exceeds the specified threshold.
   Rate	Type the maximum percentage of messages with detected threats (the numerator).
   Total messages	Type the total number of messages (received from the same sender) that Deep Discovery Email Inspector uses to calculate the threshold percentage (the denominator).
   Action	Select one of the following block actions: Block temporarily: Blocks messages from the IP address temporarily and allow the upstream MTA to try again after the block duration ends Block permanently: Never allow another message from the IP address and do not allow the upstream MTA to try again
   Blocking duration	If you select the Block temporarily action, select the number of hours to block. Note After blocking a sender for the specified time, Deep Discovery Email Inspector removes the sender from the Blocked Senders list.

   For example, if you configure the following settings:

   • Monitoring duration: 1 hour
   • Rate: 20
   • Total messages: 100

   During each one-hour period that blocking for bounced mail is active, Deep Discovery Email Inspector starts blocking senders when more than 20% of the messages it receives are bounced messages and the total number of messages exceeds 100.
4. Click Save.
   To use the default settings, click Restore Default to discard your configuration.