This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Appliance Blocking Legitimate NDR's and Out of Office Messages

We are having an issue with legitimate NDR's and Out of Office messages being quarantined as spam. When I look at the reason it is almost always our "Bounce Messages" rule. i don't want to shut this rule off because backscatter spam has been a big problem for us. I have a support ticket open but it seems to have gone into the "Sophos Labs" black hole. 

Any ideas for ensuring legitimate NDR's and Out of Office messages are delivered?



This thread was automatically locked due to age.
Parents
  • On your Bounce Messages policy -> Under Rule Config -> can you tell me if you have both options checked/enabled? (Enabled Bounce Address Tag Verification (BATV) & Treat all auto-responders identified by SophosLabs as bounces)
  • Yes, both options are enabled. I considered disabling the "Treat all auto-responders identified by SophosLabs as bounces" but I was reluctant to do so without having a good understanding of what this setting will change.

    Before we created this rule we were inundated with backscatter spam. Preventing the backscatter is more of a priority than the inconvenience of not receiving legitimate bounces but I'm hoping we can do both.
Reply
  • Yes, both options are enabled. I considered disabling the "Treat all auto-responders identified by SophosLabs as bounces" but I was reluctant to do so without having a good understanding of what this setting will change.

    Before we created this rule we were inundated with backscatter spam. Preventing the backscatter is more of a priority than the inconvenience of not receiving legitimate bounces but I'm hoping we can do both.
Children
  • Hi astevens

    Try making a separate rule, one with the "Treat all auto-responders identified by SophosLabs as bounces" but without "Enabled Bounce Address Tag Verification (BATV)" and the other rule with the other option checked, see which option is catching the legitimate NDRs.

    You may have to exclude some sender domains from which ever rule is triggering.