[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Exchange 2003 Should I Allow Delivery Reports? Allow Non Delivery Reports?

Posted on 2007-10-04
9
Medium Priority
?
3,143 Views
Last Modified: 2012-08-13
On Exchange 2003  sp2
ESM - Global Settings - Internet Message Format - Default  (properties) Advanced Tab
Is it Best Practice/Advisable to have "Allow Delivery Reports" checked? Can you explain the purpose of that feature? (whenever I click on Help to read up on it it crashes ESM...so I would RTFM if I could..but I cant..sooo....)

I understand that having "Allow Non-Delivery Reports" enabled is not a good thing as it is just helping the cause of the spammers... yes?

Thanks!

pdxsrw


0
Comment
Question by:pdxsrw
  • 4
  • 3
  • 2
9 Comments
 
LVL 6

Expert Comment

by:ajarvey
ID: 20016043
Yes, enabling delivery reports to go out to teh internet will leave you open to directory harvest attacks, and a flood of spammers knocking at your door. I don't reccomend that anyone in a corporate environment enable this functionality on the internet side of things.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 20016089
Actually, disabling delivery reports can get you blacklisted, and it is recommended that you leave them enabled.

I accept that enabling them will help out spammers, but it's either that or get blacklisted, and cannot send mail to anyone. If you have a good spam filter (IMF with Exchange SP2 is good) and I recommend using an RBL, then you shouldn't see much spam anyway.

-tigermatt
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 20016099
Sorry, that should be "Disabling non-delivery reports can get you blacklisted"

Delivery reports I believe are just the delivery receipts which a user can request when sending a message to confirm the message was delivered.

-tigermatt
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 6

Expert Comment

by:ajarvey
ID: 20016147
We're a shop that has over 30 Exchange boxes across the globe, and have never gotten blacklisted as a result of having these features disabled.
0
 
LVL 5

Author Comment

by:pdxsrw
ID: 20016215
ajavery - what are you using for Anti Spam measures on your Exchange boxes?
0
 
LVL 6

Expert Comment

by:ajarvey
ID: 20016248
We use an external service based solution for all inbound mail to the enterprise. That setup is also configured to *not* send delivery or non-delivery reports.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 20016454
To avoid the issues of disabling NDRs, why not just filter out unknown recipients? This will save server resources, since this filter occurs at the SMTP communication level and the NDR nor the message data/content is ever transferred, the message is immediately rejected when a bad address is entered.

http://www.amset.info/exchange/filter-unknown.asp

This is by far a better solution to accepting the mail and not generating an NDR. If a legitimate business message wants to get through, but the sender typed the address incorrect, consider the potential loss to your business if the sender isn't notified of the mistake.

Also on the link above is a feature called the tar pit (bottom of page) which slows the response of your server so it makes it very time consuming for a spammer to try to work out your email addresses by trying to send to hundreds of addresses and seeing which ones are rejected.

-tigermatt
0
 
LVL 5

Author Comment

by:pdxsrw
ID: 20018800
Tigermatt -

regarding filtering out unknown recipients - we do that..and we tarpit as well...but the spam keeps on flowing in to legitimate email accounts....

Death to spammers


0
 
LVL 58

Accepted Solution

by:
tigermatt earned 2000 total points
ID: 20019928
Well then to eliminate that issue you are going to need a good spam filter. I've seen a reduction in spam also by implementing an RBL, such as one from Spamhaus - http://www.spamhaus.org/ Have you done this too?

Also, I assume you've got Exchange's IMF enabled. You may need to get a better product, i.e. a barracuda spam appliance or some better software for filtering spam on the Exchange server. That will also show a reduction.

-tigermatt
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question