• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3193
  • Last Modified:

Exchange 2003 Should I Allow Delivery Reports? Allow Non Delivery Reports?

On Exchange 2003  sp2
ESM - Global Settings - Internet Message Format - Default  (properties) Advanced Tab
Is it Best Practice/Advisable to have "Allow Delivery Reports" checked? Can you explain the purpose of that feature? (whenever I click on Help to read up on it it crashes ESM...so I would RTFM if I could..but I cant..sooo....)

I understand that having "Allow Non-Delivery Reports" enabled is not a good thing as it is just helping the cause of the spammers... yes?

Thanks!

pdxsrw


0
pdxsrw
Asked:
pdxsrw
  • 4
  • 3
  • 2
1 Solution
 
ajarveyCommented:
Yes, enabling delivery reports to go out to teh internet will leave you open to directory harvest attacks, and a flood of spammers knocking at your door. I don't reccomend that anyone in a corporate environment enable this functionality on the internet side of things.
0
 
tigermattCommented:
Actually, disabling delivery reports can get you blacklisted, and it is recommended that you leave them enabled.

I accept that enabling them will help out spammers, but it's either that or get blacklisted, and cannot send mail to anyone. If you have a good spam filter (IMF with Exchange SP2 is good) and I recommend using an RBL, then you shouldn't see much spam anyway.

-tigermatt
0
 
tigermattCommented:
Sorry, that should be "Disabling non-delivery reports can get you blacklisted"

Delivery reports I believe are just the delivery receipts which a user can request when sending a message to confirm the message was delivered.

-tigermatt
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
ajarveyCommented:
We're a shop that has over 30 Exchange boxes across the globe, and have never gotten blacklisted as a result of having these features disabled.
0
 
pdxsrwAuthor Commented:
ajavery - what are you using for Anti Spam measures on your Exchange boxes?
0
 
ajarveyCommented:
We use an external service based solution for all inbound mail to the enterprise. That setup is also configured to *not* send delivery or non-delivery reports.
0
 
tigermattCommented:
To avoid the issues of disabling NDRs, why not just filter out unknown recipients? This will save server resources, since this filter occurs at the SMTP communication level and the NDR nor the message data/content is ever transferred, the message is immediately rejected when a bad address is entered.

http://www.amset.info/exchange/filter-unknown.asp

This is by far a better solution to accepting the mail and not generating an NDR. If a legitimate business message wants to get through, but the sender typed the address incorrect, consider the potential loss to your business if the sender isn't notified of the mistake.

Also on the link above is a feature called the tar pit (bottom of page) which slows the response of your server so it makes it very time consuming for a spammer to try to work out your email addresses by trying to send to hundreds of addresses and seeing which ones are rejected.

-tigermatt
0
 
pdxsrwAuthor Commented:
Tigermatt -

regarding filtering out unknown recipients - we do that..and we tarpit as well...but the spam keeps on flowing in to legitimate email accounts....

Death to spammers


0
 
tigermattCommented:
Well then to eliminate that issue you are going to need a good spam filter. I've seen a reduction in spam also by implementing an RBL, such as one from Spamhaus - http://www.spamhaus.org/ Have you done this too?

Also, I assume you've got Exchange's IMF enabled. You may need to get a better product, i.e. a barracuda spam appliance or some better software for filtering spam on the Exchange server. That will also show a reduction.

-tigermatt
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell┬« is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now