Messaging Gateway

 View Only

Prevent Bounce Attacks with Brightmail 

Aug 29, 2010 12:56 PM


A bounce attack occurs when a spammer obscures message origins by using one email server to bounce spam to an address on another server. The spammer does this by inserting a target address into the “Mail From” value in the envelope of their messages then sending those messages to another address.

Symantec Brightmail Gateway product does not come configured off the box to prevent bounce attacks.

Rule of thumb before doing this configuration is that all your outgoing e-mail should be going through Brightmail Gateway so that they can processed.

So here is what you need to do to configure the Brightmail to protect you against those attacks. (This procedure is accurate for Brightmail Gateway version 9.0.x. For earlier versions, you just need to find the proper configuration points for the same actions)

We basically need to do three configuration changes to prepare for these attacks:
A. Assigning a seed value
B. Configure policy groups
C. Creating a policy

So, step by step, here is what we need to do:

A. Assign a Seed Value

  1. Login to Brightmail web console.
  2. Navigate to Administration > Settings > Control Center. And open Certificates tab.
  3. Type in an 8 character alpanumeric seed into the "Bounce attack prevention seed" box.
  4. Click Save.

(Click on image for original size)

This seed will be used when creating validation tags for outgoing messages.
You need to do this for each Brightmail which has a Control Center role in your environment.

B. Configure Policy Groups

  1. Navigate to Administration > Users > Policy Groups.
  2. Select the policy group you want to process and click Edit button.
  3. Click on Spam tab.
  4. Select the check box next to the option "Enable bounce attack prevention for this policy group".
  5. Click Save at the bottom of the page.

(Click on image for original size)

(Click on image for original size)

If you do not configure at least one policy group, bounce attack prevention will remain disabled.

C. Create a Spam Policy

You need a spam policy to define the action when there is a bounce attack. To do so:

  1. Navigate to Spam > Policies > Email.
  2. Click Add button.
  3. Name the policy, for example "Bounce attack policy"
  4. For If the following condition is met: condition, select "If a message fails bounce attack validation". (You'll notice that "Apply to" section will change to "Inbound messages" automatically.
  5. As for the action, select "Reject messages failing bounce attack validation" option and click "Add Action". (This is the recommended action, but you may chose something else as per your needs)
  6. Select the policy group you wish this rule to be applied.
  7. Click Save.

(Click on image for original size)

Now your Brightmail Gateway is ready to protect your environment against bounce attacks.

Bekir Burak Durmaz

0 Favorited
0 Files

Tags and Keywords


Oct 12, 2019 07:27 AM

Read the 10.6 of higher smg admin guide for more info.

Oct 12, 2019 05:21 AM

Hello Bekir,
Why when I applied this rule, the action I chose to be taken was applied on all inbound auto replies.
Thanks in advance

Sep 14, 2017 02:52 PM

Grate Artical Mr.Bekir

 i am siva kesava,i am learning about Symantec messiging gatewayi have an small doubt regarding Symantec messaging gateway

how to integrate exchange 2010 with smg, is any possible way to intigrate because in my exchange i have 100 users soo i have 100mails so it not possible to create a users in smg soo import is best option for protect my user mail with malware, unwanted mail

please send any document for about my question with graphical pics and also if have documents for creating policys for smg please send me, my mail id


Aug 16, 2012 06:37 AM


I've added the suggested Bounce Attack in the first url. Seems to work ok, but how can I test this from an external souce (as I've only added for the inbound messages) ?

Thanks, Trond

Sep 13, 2010 12:08 AM

Excellent...thanks a lot!!!

Sep 06, 2010 01:16 AM


Aug 31, 2010 05:08 AM

I'll keep it coming :D

Aug 31, 2010 02:24 AM

Hello Bekir,
You Always create good articles. Thank you for this.

Best Regards.

Related Entries and Links

No Related Resource entered.