Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3812
Views
5
Helpful
1
Replies

Envelope sender is bounces+...

bvj197222
Level 1
Level 1

‎10-04-2021 03:59 AM - edited ‎10-04-2021 04:31 AM

Hello,

 

we get a lot of advertising email and also regular info-email where the sender typically is 'bounces+xxxxx-firstname-lastname=domain.com@somedomain.com. The sender address '..firstname.lastname..' is a legit person in our organization. For the sake of the case let's call our employee Bill Johnson and our company is Contoso. So Bill.Johnson@contoso.com at our company get email where the envelope sender is stated to be bounces+5291031-0a54-bill.johnson=contoso.com@email.somedomain.com

 

SENDER:bounces+5291031-5c0e-bill.johnson=contoso.com@email.somedomain.com
RECIPIENT:

bill.johnson@contoso.com

 

Why is that? We had some spam to our organization, so for a while I blocked all email where the envelope sender contained 'bounce+..'. However that was a bad idea, as we get a lot of legit email with bounces'.... as part of the envelope sender domain.

Can someone please help me clearify the reason why the sender address being bounces+?

 

 

 

Labels:
1 Reply 1

Libin Varghese
Cisco Employee
Cisco Employee

‎12-08-2021 09:38 PM

From what I've seen bounces+ are used by a lot of marketing email senders usually to keep track of subscription based emails.

These do not always have to be spam, however ESA would be able to action actual emails based on its content and other factors.

 

If there are legitimate spam being missed you can certainly submit them to Talos.

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/214133-how-to-submit-email-messages-to-cisco.html

 

Regards,

Libin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents