Configuring Bounce Attack Protection Settings

You can configure bounce attack protection settings to block senders if the number of returned email messages reaches the specified threshold.

Note:

  • Before you enable this feature, configure Microsoft Active Directory settings.

    For more information, see Configuring Microsoft Active Directory Settings.

  • Deep Discovery Email Inspector considers an email message with non-existing recipient as a bounce attack attempt.

  • When SMTP traffic volume is extremely high, Deep Discovery Email Inspector might not precisely block email messages based on the configuration due to the time delay between rule trigger and activation.

  1. Go to Administration > Sender Filtering/Authentication > Bounce Attack Protection.
  2. Select Enable bounce attack protection.
  3. Configure the following settings.
    Table 1.

    Field

    Description

    Monitoring duration

    Select the number of hours that Deep Discovery Email Inspector monitors email traffic to see if the percentage of messages signaling a bounce attack exceeds the specified threshold.

    Rate

    Type the maximum percentage of messages with detected threats (the numerator).

    Total messages

    Type the total number of messages (received from the same sender) that Deep Discovery Email Inspector uses to calculate the threshold percentage (the denominator).

    Action

    Select one of the following block actions:

    • Block temporarily: Blocks messages from the IP address temporarily and allow the upstream MTA to try again after the block duration ends

    • Block permanently: Never allow another message from the IP address and do not allow the upstream MTA to try again

    Blocking duration

    If you select the Block temporarily action, select the number of hours to block.

    Note:

    After blocking a sender for the specified time, Deep Discovery Email Inspector removes the sender from the Blocked Senders list.

    For example, if you configure the following settings:

    • Monitoring duration: 1 hour

    • Rate: 20

    • Total messages: 100

    During each one-hour period that blocking for bounced mail is active, Deep Discovery Email Inspector starts blocking senders when more than 20% of the messages it receives are bounced messages and the total number of messages exceeds 100.

  4. Click Save.

    To use the default settings, click Restore Default to discard your configuration.

Parent topic: Sender Filtering/Authentication Settings