How Bounce Verification on the Cisco ESA (Email Security Appliance) protects your email infrastructure from a bounce-based denial of service (DoS).
The idea behind this kind of attack is that the attacker sends a flood of messages to outside domains with a spoofed envelope sender (the MAIL FROM, i.e. the From address in the SMTP envelope, not the header) belonging to one of your legitimate users, let's say firstname.lastname@example.org.
The outside MTAs are not responsible for the example.org domain. When they cannot deliver (unknown recipient, full mailbox, spam rejection) they generate a bounce, a non-delivery report sent with a null envelope sender (MAIL FROM:<>) back to the spoofed sender, so every bounce arrives at your listener with RCPT TO: firstname.lastname@example.org. The Cisco ESA accepts these bounces and propagates them into your email infrastructure: thousands of useless messages for mail your user never sent, enough to bring the infrastructure down.
Bounce Verification is a very useful feature. The idea is to tell the Cisco ESA to tag each outbound message, more precisely to rewrite the envelope sender, so that From: firstname.lastname@example.org becomes From: prvs=123ABC=firstname.lastname@example.org (the prvs prefix is the BATV private verification scheme the feature follows). 123ABC is the tag and it is unique per sender. How can the tag be unique for each user and still unguessable? It is computed by hashing the local part and domain of the address together with, very important, a secret key that only the ESA knows. The original address is kept after the second "=" so the ESA can strip the tag from a genuine bounce and deliver it to the right mailbox; the key can also be rotated on the appliance, so a tagged address that an attacker harvests from a real bounce cannot be replayed indefinitely.
If an illegitimate bounce is seen on a listener of the Cisco ESA with an untagged recipient, RCPT TO: firstname.lastname@example.org, or with a tag that does not verify against the key, the Cisco ESA rejects it: nothing it sent could have produced that bounce. One caveat: enable tagging before you enable rejection and leave a grace period, otherwise bounces for mail that left before tagging started, or that leaves your network by a path that bypasses the ESA, are rejected as well.
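To make the tagging and verification concrete, here is an added illustration of the scheme in Python. It is not Cisco's code and the ESA's exact tag layout is not public; what follows uses the BATV prvs form (one-digit key id, three-digit expiry day, truncated HMAC, then the original address), a seven-day tag lifetime and a constructed secret key, all of which are assumptions made for the example. The sample bounces in demo() are constructed, not captured traffic.

```python
"""BATV-style bounce-verification tagging (illustration, not the Cisco ESA implementation)."""
import hashlib
import hmac
import re
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

# Assumed tag layout:  prvs=K DDD MMMMMM=user@domain
#   K      = one-digit key id, so the secret can be rotated without breaking in-flight mail
#   DDD    = expiry day number (proleptic ordinal mod 1000)
#   MMMMMM = first 6 hex digits of HMAC-SHA256 over key id, expiry day and the address
TAG_RE = re.compile(r"^prvs=(\d)(\d{3})([0-9a-f]{6})=(.+)$", re.IGNORECASE)
TAG_LIFETIME_DAYS = 7  # assumption: a bounce is accepted for a week after the mail left

# Constructed secret for the demo; on a real appliance this is the bounce-verification key.
SECRET_KEYS: Dict[int, bytes] = {1: b"replace-with-a-long-random-key"}
SAMPLE_DAY = date(2024, 5, 1)  # constructed "today" used by demo()


def _day_number(d: date) -> int:
    return d.toordinal() % 1000


def _mac(key: bytes, key_id: int, exp_day: int, address: str) -> str:
    msg = f"{key_id}{exp_day:03d}{address.lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:6]


def tag_sender(key: bytes, key_id: int, address: str, today: date) -> str:
    """Rewrite the envelope sender (MAIL FROM) of an outbound message with a tag."""
    local, domain = address.rsplit("@", 1)
    exp_day = _day_number(today + timedelta(days=TAG_LIFETIME_DAYS))
    mac = _mac(key, key_id, exp_day, address)
    return f"prvs={key_id}{exp_day:03d}{mac}={local}@{domain}"


def verify_recipient(keys: Dict[int, bytes], rcpt: str, today: date) -> Optional[str]:
    """Check the RCPT TO of an inbound null-sender message.

    Returns the original (untagged) address when the tag is genuine, otherwise None
    (tag missing, unknown key id, expired, or HMAC mismatch)."""
    m = TAG_RE.match(rcpt)
    if not m:
        return None  # untagged: nothing we sent could produce this bounce
    key_id, exp_day, mac, address = int(m[1]), int(m[2]), m[3].lower(), m[4]
    key = keys.get(key_id)
    if key is None:
        return None  # key rotated out, or never existed
    if (exp_day - _day_number(today)) % 1000 > TAG_LIFETIME_DAYS:
        return None  # expired, or an expiry day we could never have issued
    if not hmac.compare_digest(mac, _mac(key, key_id, exp_day, address)):
        return None  # forged or tampered tag
    return address


def screen_bounces(keys: Dict[int, bytes], rcpts: List[str], today: date) -> List[Tuple[str, str]]:
    """Per recipient of a bounce (MAIL FROM:<>), decide whether to deliver or drop."""
    decisions = []
    for rcpt in rcpts:
        original = verify_recipient(keys, rcpt, today)
        decisions.append((rcpt, f"deliver to {original}" if original else "drop"))
    return decisions


def demo() -> Dict[str, Optional[str]]:
    """Constructed bounces arriving on the listener and what each resolves to."""
    user = "firstname.lastname@example.org"
    good = tag_sender(SECRET_KEYS[1], 1, user, SAMPLE_DAY)
    return {
        "legit": verify_recipient(SECRET_KEYS, good, SAMPLE_DAY + timedelta(days=3)),
        "untagged": verify_recipient(SECRET_KEYS, user, SAMPLE_DAY),
        "tampered": verify_recipient(SECRET_KEYS, good.replace("firstname", "attacker"), SAMPLE_DAY),
        "expired": verify_recipient(SECRET_KEYS, good, SAMPLE_DAY + timedelta(days=8)),
        "unknown_key": verify_recipient({2: SECRET_KEYS[1]}, good, SAMPLE_DAY),
    }


if __name__ == "__main__":
    tagged = tag_sender(SECRET_KEYS[1], 1, "firstname.lastname@example.org", SAMPLE_DAY)
    print("outbound MAIL FROM rewritten to:", tagged)
    for rcpt, decision in screen_bounces(SECRET_KEYS, [tagged, "firstname.lastname@example.org"], SAMPLE_DAY):
        print(f"RCPT TO:<{rcpt}> -> {decision}")
```

Two design points carry over to the real appliance: the MAC is compared in constant time so an attacker probing the listener cannot learn a valid tag byte by byte, and the expiry check bounds the window in which a harvested tagged address can be replayed, which is why rotating the key on the ESA matters as much as keeping it secret.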