SonicWall HES sending IP address blocked by UCEProtect or Backscatter
07/26/2022
Description
Outbound emails from customers are being rejected or bounced with a message showing one of SonicWall's HES sending IP addresses as being blocked.
What is backscatter?
Backscatter emails are automatic email responses (such as non-delivery reports, delivery confirmations and out-of-office notes), also called bounce messages. If the sender address of the original email is forged, these responses can be delivered to innocent third parties.
UCEProtect and Backscatterer.org are owned by the same organization. UCEProtect and Backscatterer will list IPs that send spam and/or send backscatter (misdirected bounces). Both of these blocklists are considered extreme: their listing policies are so aggressive that we typically see very little actual impact on email flow.
UCEProtect is a public DNSBL that lists IPs that send spam to its spam traps. UCEProtect also charges a delisting fee, which SonicWall will not pay; SonicWall does not recommend paying for list removal.
Backscatterer.org lists IPs that send backscatter spam (misdirected bounces). Backscatterer.org also charges a delisting fee, which SonicWall will not pay; SonicWall does not recommend paying for delisting. Additionally, in our experience, we typically see very little actual impact on email flow due to Backscatterer.org's aggressive listing policies.
SonicWall's recommendation is not to use SMTP rejects or bounces for backscatterer hits, but to process them as a softfail, e.g. by quarantining or tagging the message. Rejecting often prevents legitimate business transactions, which is extremely frustrating for end users. The external communication partner should not use the backscatterer.org blocklist as the only classification criterion.
We recommend that SonicWall HES users contact the communication partner and ask for a configuration adjustment. In addition, if using Microsoft Exchange or O365, an outbound connector can be configured to send directly to the recipient domain.
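The softfail handling recommended above, sketched from the receiving side as an added example (not SonicWall's code or any product's configuration): a blocklist hit only adds to a message score, so it can lead to tagging or quarantine together with other evidence but never to an SMTP reject. The zone names, weights, thresholds and function names are assumptions that do not come from this article.

```python
import ipaddress
import socket

# Assumed zone names and illustrative weights/thresholds (not from the article).
SOFT_ZONES = {"ips.backscatterer.org": 2.0, "dnsbl-1.uceprotect.net": 2.0}
TAG_AT, QUARANTINE_AT = 2.0, 5.0


def dnsbl_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dns_listed(name: str) -> bool:
    """A listing is signalled by an A record inside 127.0.0.0/8."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except OSError:
        return False  # NXDOMAIN or resolver failure: treat as not listed


def classify(ip: str, content_score: float, listed=dns_listed) -> str:
    """Return 'deliver', 'tag' or 'quarantine'; there is no reject outcome."""
    score = content_score
    for zone, weight in SOFT_ZONES.items():
        if listed(dnsbl_name(ip, zone)):
            score += weight  # the hit is one signal among several
    if score >= QUARANTINE_AT:
        return "quarantine"
    if score >= TAG_AT:
        return "tag"
    return "deliver"


if __name__ == "__main__":
    # Constructed sample: documentation-range IP and a stub resolver (no network).
    def stub(name: str) -> bool:
        return name == "10.2.0.192.ips.backscatterer.org"

    for content in (0.0, 3.5):
        print(content, classify("192.0.2.10", content, listed=stub))
```

With these weights, hits on both lists alone stay below the quarantine threshold; quarantine requires additional evidence from content scoring.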
Learn more at How to add O365 connector for domain specific routing.