-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
SonicWall HES sending IP address blocked by UCEProtect or Backscatter
07/26/2022 
4 People found this article helpful
393,490 Views
Description
Outbound emails from customers are being rejected or bounced with a message showing one of SonicWall's HES sending IP addresses as being blocked.
What is backscatter?
Backscatter emails are automatic responses via email (such as non-delivery reports, delivery confirmations and out-of-office notes), or so-called bounce messages. If the sender of the original email is faked, it can happen that said emails are delivered to innocent third parties.
UCEProtect and Backscatterer.org are owned by the same organization. UCEProtect and Backscatterer will list IPs that send spam and/or send backscatter (misdirected bounces). Both of these blocklists are considered extreme in that their listing policies are aggressive enough that we typically see very little actual impact to email flow.
UCEProtect is a public DNSBL that lists IPs that send spam to their spam traps. UCEProtect also charges a delisting fee which SonicWall will not pay and does not recommend paying for list removal.
Backscatterer.org lists IPs that send backscatter spam (misdirected bounces). Backscatterer.org also charges a delisting fee which SonicWall will not pay and does not recommend paying for delisting. Additionally, in our experience, we typically see very little actual impact to email flow due to Backsatterer.org's aggressive listing policies.
SonicWall’s recommendation is not to use SMTP rejects for backscatterer hits, but to process them as softfail: e.g., quarantine or tagging. But not to use a reject or bounce. This often prevents legitimate business transactions, which are extremely frustrating for end users. The external communication partner should not use the blocklist of backscatterer.org as the only classification criterion.
We recommend that SonicWall HES users contact the communication partner in order to achieve a configuration adjustment. In addition, if using Microsoft Exchange or O365, an outbound connector can be configured to send directly to the recipient domain.
Learn more at How to add O365 connector for domain specific routing.
Related Articles
- Email Security: Convert a .cer format SSL Certificate to .pem for TLS
- How to set up your MX record after you activated Email Security Hosted Solution
- Email Security: How to troubleshoot NDR's.
YES
NO