So, we're stuck on a debate that has been going on for many years now. Do you disable NDRs to reduce backscatter or leave them on to comply with older systems? Do you filter by valid recipient to reduce backscatter and increase your risk of a harvesting attack, or do you enable all incoming and increase the chance of an NDR flood attack? If you really, really want to follow Microsoft's guidelines, re-read the article you just quoted. Microsoft "recommends" that you set it up the same way I have my system set up. But, like you said, this discussion has digressed into something a bit off-topic, no need to keep kicking it up. This debate has been argued for many years now, and I see no end in sight.

________________________________
From: Danny [mailto:nocmonkey@xxxxxxxxx]
Sent: Wednesday, January 04, 2006 12:20 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: How I spent my Christmas vacation - Email found in subject

http://www.ISAserver.org

On 1/3/06, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
> Hi Danny,
>
> Time for some Windows Network education for you. CIL...

Time for some RFC education from our friends at Microsoft...

http://support.microsoft.com/kb/842851

[...]

"As previously discussed, suppressing NDRs is not an RFC-compliant practice. Therefore, suppressing NDRs cannot be generally recommended. Suppressing NDRs also inconveniences the ordinary user who makes a typographical error in the recipient address when he or she sends an e-mail message. The typical expectation of e-mail senders is that unless an NDR is returned, the e-mail message has reached its destination.

If the recipient filtering feature is enabled, you may be more at risk from a harvest attack. However, you are also less susceptible to being used as the vector for an NDR flood attack. An NDR flood attack is where a sender deliberately spoofs the return address for a valid domain and then sends invalid e-mail messages to you purporting to be from that domain. Your server then dutifully floods the victim domain with multiple NDR reports."

[...]

Ahh, the big bad directory harvest attack, well it is moot if your mail server accepts email sent to any recipients within your domain regardless of whether or not they exist.

Anyway, I am off to bed and we are way off topic - sorry for the noise folks.

Thanks for today's lesson, Dr. Tom.

Remember kids, Uncle Danny says to shoot for RFC compliance and best practices.

...D
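The trade-off the two posters are arguing about (reject unknown recipients in the SMTP session, or accept everything and generate NDRs afterwards) can be made concrete with a small simulation. The following is an added example, not code from this thread, from ISAserver.org or from the Microsoft KB article; the domain names, the mailbox list and the traffic batch are constructed sample data, and the two policy names are labels chosen here rather than any product's settings. It counts, for each policy, how many NDRs a receiving server would send toward a forged return-path domain and how many in-session replies reveal whether a mailbox exists.

```python
"""
Simulation of the NDR-flood versus recipient-filtering trade-off.

Added example (not from the thread or Microsoft). Two receiving policies:
  "accept_all"       - accept every RCPT TO for the local domain, discover the
                       unknown mailbox later and send an NDR to the return path
  "recipient_filter" - check RCPT TO against the directory during the session
                       and answer 550 for unknown mailboxes, so no message is
                       queued and no NDR is ever generated
"""
from collections import Counter
from dataclasses import dataclass, field

LOCAL_DOMAIN = "example.com"          # constructed: the receiving domain
VALID_MAILBOXES = {"alice", "bob"}    # constructed: the local directory


@dataclass
class Transaction:
    mail_from: str   # envelope sender (return path); may be forged
    rcpt_to: str     # envelope recipient


@dataclass
class Outcome:
    accepted: int = 0
    rejected_in_session: int = 0
    # return-path domain -> number of NDRs the server would send there
    ndrs_sent: Counter = field(default_factory=Counter)
    # in-session replies whose 250/550 status reveals whether a mailbox exists
    validity_disclosed: int = 0


def local_part(addr: str) -> str:
    return addr.split("@", 1)[0]


def domain(addr: str) -> str:
    return addr.split("@", 1)[1]


def process(transactions, policy: str) -> Outcome:
    """Run a batch of SMTP envelopes through one receiving policy."""
    out = Outcome()
    for t in transactions:
        if domain(t.rcpt_to) != LOCAL_DOMAIN:
            continue  # relaying is out of scope for this model
        exists = local_part(t.rcpt_to) in VALID_MAILBOXES
        if policy == "recipient_filter":
            # The 250-vs-550 answer at RCPT TO is what a harvester can observe.
            out.validity_disclosed += 1
            if exists:
                out.accepted += 1
            else:
                out.rejected_in_session += 1  # sender sees 550; no NDR is created
        elif policy == "accept_all":
            out.accepted += 1
            if not exists:
                # Queued, then fails delivery, then an NDR goes to the return
                # path. With a forged return path that NDR is backscatter
                # landing on the victim domain.
                out.ndrs_sent[domain(t.mail_from)] += 1
        else:
            raise ValueError(f"unknown policy: {policy}")
    return out


def build_sample():
    """Constructed traffic: one forged-return-path campaign plus a little legitimate mail."""
    txns = []
    # 100 messages claiming to come from victim.example, each addressed to a
    # mailbox that does not exist here (the NDR flood pattern the KB describes)
    for i in range(100):
        txns.append(Transaction(f"user{i}@victim.example", f"nobody{i}@{LOCAL_DOMAIN}"))
    # Legitimate mail from a partner, including one typo in the recipient address
    txns.append(Transaction("carol@partner.example", f"alice@{LOCAL_DOMAIN}"))
    txns.append(Transaction("carol@partner.example", f"bob@{LOCAL_DOMAIN}"))
    txns.append(Transaction("carol@partner.example", f"alcie@{LOCAL_DOMAIN}"))  # typo
    return txns


if __name__ == "__main__":
    batch = build_sample()
    for policy in ("accept_all", "recipient_filter"):
        o = process(batch, policy)
        print(f"{policy:17s} accepted={o.accepted:3d} rejected_in_session={o.rejected_in_session:3d} "
              f"validity_disclosed={o.validity_disclosed:3d} ndrs={dict(o.ndrs_sent)}")
```

With the constructed batch, "accept_all" sends 100 NDRs to victim.example (plus one legitimate NDR to partner.example for the typo, which is the RFC behaviour the KB article wants to preserve), while "recipient_filter" sends none but answers 103 RCPT TO commands with a status that reveals mailbox existence. Note that under "accept_all" the NDR still tells whoever receives it that the mailbox does not exist, so accepting everything moves the disclosure rather than removing it; which side of the trade-off to take is exactly the judgement call the thread is about.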