Problem
Email users are spammed by DSN for email they did not actually send.
Solution
Spammers may sometimes use the delivery status notification (DSN) mechanism to bypass antispam measures. In this attack, sometimes called “backscatter”, the spammer spoofs the email address of a legitimate sender and intentionally sends spam to an undeliverable recipient, expecting that the recipient’s email server will send a DSN back to the spoofed sender to report the delivery failure. Because this attack uses innocent email servers and a standard notification mechanism, many antispam mechanisms may be unable to tell legitimate DSN from spoofed DSN.
To detect backscatter
1. Enable bounce address tagging and configure an active key (see “Configuring bounce verification and tagging”).
2. Next, disable both the Bypass bounce verification option (see “Configuring protected domains”) and the Bypass bounce verification check option (see “Configuring session profiles”).
3. In addition, verify that all outgoing and incoming email passes through the FortiMail unit. The FortiMail unit cannot tag email, or recognize legitimate DSN for previously sent email, unless all email passes through it. For details, see “Configuring bounce verification and tagging”.
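The following added example (not FortiMail code) sketches how bounce address tagging lets a gateway tell a legitimate DSN from backscatter: outgoing envelope senders get a keyed tag, and a DSN is accepted only if its recipient carries a valid, unexpired tag. The tag layout, the `prvs=` marker, the 7-day lifetime, the key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

TAG_PREFIX = "prvs="               # assumed marker, not FortiMail's tag format
MAX_AGE_DAYS = 7                   # assumed tag lifetime
DEMO_KEY = b"constructed-demo-key" # constructed sample key


def _mac(key: bytes, day: int, address: str) -> str:
    """Keyed digest over the day number and the original sender address."""
    msg = f"{day:03d}{address.lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:10]


def tag_sender(address: str, key: bytes, day: int) -> str:
    """Rewrite an outgoing envelope sender so it carries a keyed tag.

    `day` is a day counter (for example, days since the epoch); it is a
    parameter here so the example is deterministic.
    """
    day %= 1000
    return f"{TAG_PREFIX}{day:03d}{_mac(key, day, address)}={address}"


def verify_bounce(rcpt: str, key: bytes, today: int) -> bool:
    """Return True if a DSN recipient carries a valid, fresh tag."""
    if not rcpt.startswith(TAG_PREFIX):
        return False               # untagged: this gateway never sent the mail
    tag, sep, address = rcpt[len(TAG_PREFIX):].partition("=")
    if not sep or len(tag) != 13 or not (tag.isascii() and tag[:3].isdigit()):
        return False               # malformed tag
    day = int(tag[:3])
    if (today - day) % 1000 > MAX_AGE_DAYS:
        return False               # expired (or future-dated) tag
    return hmac.compare_digest(tag[3:].encode(), _mac(key, day, address).encode())


def check_dsn(mail_from: str, rcpt: str, key: bytes, today: int) -> str:
    """Apply bounce verification only to mail with the null reverse-path."""
    if mail_from != "":            # DSNs are sent with MAIL FROM:<>
        return "not-a-dsn"
    return "accept" if verify_bounce(rcpt, key, today) else "reject-backscatter"
```

The untagged and wrong-key cases show why step 3 matters: mail that left through another path carries no tag, so its genuine DSN is indistinguishable from backscatter.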