In the spring of this year I started seeing a new trend of waves of forged emails going out. They would target one specific email address at a domain and would last from 24 to 36 hours in general. The targeted person generally received 200 to 350 bounced undeliverables during this timeframe. They would then trickle off and the problem would go away until the next time that user was targeted which might be days, weeks or months.
Starting in September, I have seen these waves taken to a new level. Now over the period of several hours, I am seeing 5000 to 7500 bounced undeliverables being returned to a single user email address.
I am using Postini and have configured the optional NDR settings that they advised. As a result, these emails are being filtered into the user's quarantine in Postini. This is still unmanageable since within several hours, their quarantine is flooded with 5000+ emails. In addition, the person will receive 100 to 500 emails that still went through Postini due to being in another language or not matching the Postini NDR filter rules or null sender.
The last time I was personally hit by this, my Postini daily quarantine summary had 5074 items in it which was September 30th. I have had clients email me their summaries which showed over 7500 emails quarantined in one day.
At this point, I am looking at implementing Sender Policy Framework (SPF) as described at OpenSPF.
Does anyone have an idea how effective this might be? Any possible other solutions that might help prevent this flood of NDRs from occurring?
I have multiple domains hosted at Dathorn, and also multiple domains that use their own internal Exchange servers. One client wants to deploy Sunbelt Software's Ninja product thinking it will solve all their problems. I personally doubt it will be more effective than Postini already is. Has anyone used that with any feedback?
Just trying to figure out a way to stop this mess which is rapidly getting worse. Before, I thought the waves in April were bad, this is another whole level of nasty.