New behaviour of RBL operator Spamhaus
The RBL operator Spamhaus has been operating so-called catch addresses for some time. The use of these addresses is legitimate, but can lead to reputable domains being added to a blocklist. This blog article explains the adjustments we recommend to NoSpamProxy customers.
What is it about?
Catch addresses are used to send fake or falsified phishing emails. If a recipient address responds, the associated email domain or email server can be added to the blocklist that the operator runs itself. The legitimate reason for this is that users within an organisation's email domains should not respond to fake emails. The use of catch addresses therefore makes it possible to potentially punish such behaviour.
What is the problem?
This procedure has an undesirable side effect: If a non-existent internal address is contacted by such a catch address without NoSpamProxy itself already filtering which target addresses are to be considered valid recipients, the non-deliverability report generated by the internal email server is interpreted as a manual response from a user. As a result, the automatically generated non-deliverability report places your own system on a blocklist, which may severely restrict outgoing email traffic.
What should NoSpamProxy customers do?
We recommend that our customers take the following steps:
- Using one of the usual methods (user import from the (Azure) Active Directory or import from a text file), ensure that NoSpamProxy knows all valid target addresses within your company as entries under Identities > Corporate users.
- Under Configuration > Rules, check that the Corporate email address option is selected for the recipient under Scope > Direction in every rule that processes inbound emails. The reason is that, with this option configured, NoSpamProxy only processes inbound emails to target addresses that are stored under Corporate users, rather than to any address in one of the domains entered as own domains. This configuration actively prevents addresses that do not have their own email account from being contacted. Accordingly, no non-delivery report is generated by a downstream system.
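
The following Python sketch is an added illustration, not NoSpamProxy code. It models the two recipient scopes described above and shows which envelope senders would receive a non-delivery report. The domains, addresses, scope names and SMTP reply texts are constructed assumptions.

```python
# Added illustration: models recipient scoping at a mail gateway.
# All names, addresses and reply texts below are constructed assumptions.
from dataclasses import dataclass

OWN_DOMAINS = {"example.com"}
# Stand-in for the list imported under Identities > Corporate users.
CORPORATE_USERS = {"alice@example.com", "bob@example.com"}


def normalize(addr):
    """Strip angle brackets and whitespace, lower-case for comparison."""
    return addr.strip().strip("<>").strip().lower()


@dataclass
class Outcome:
    gateway_reply: str  # modelled SMTP reply to RCPT TO at the gateway
    ndr_to: str         # address that later receives an NDR, "" if none


def handle(mail_from, rcpt_to, scope):
    sender, rcpt = normalize(mail_from), normalize(rcpt_to)
    if rcpt.rpartition("@")[2] not in OWN_DOMAINS:
        return Outcome("550 5.7.1 relaying denied", "")
    known = rcpt in CORPORATE_USERS
    if scope == "corporate_email_address":
        # Unknown recipients are refused during the SMTP dialogue, so the
        # internal server never sees the message and sends no report.
        reply = "250 OK" if known else "550 5.1.1 user unknown"
        return Outcome(reply, "")
    # scope == "own_domain": any address in an own domain is accepted and
    # relayed; the internal server bounces unknown mailboxes afterwards.
    # A null envelope sender never receives an NDR.
    return Outcome("250 OK", "" if known else sender)


def backscatter_targets(messages, scope):
    """Envelope senders that would be mailed an NDR under this scope."""
    hits = (handle(f, r, scope).ndr_to for f, r in messages)
    return sorted({h for h in hits if h})


# Constructed sample traffic: (envelope sender, recipient).
SAMPLE = [
    ("trap@catch.invalid", "<Alice@Example.com>"),
    ("trap@catch.invalid", "nobody@example.com"),
    ("<>", "ghost@example.com"),
    ("x@other.invalid", "someone@elsewhere.invalid"),
]

if __name__ == "__main__":
    for scope in ("own_domain", "corporate_email_address"):
        print(scope, backscatter_targets(SAMPLE, scope))
```
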