HOME

TheInfoList



OR:

A bounce message or just "bounce" is an automated message from an
email Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" meant ...
system, informing the sender of a previous message that the message has not been delivered (or some other delivery problem occurred). The original message is said to have "bounced". This feedback may be immediate (some of the causes described here) or, if the sending system can retry, may arrive days later after these retries end. More formal terms for bounce message include "Non-Delivery Report" or "Non-Delivery Receipt" (NDR), ailed"Delivery Status Notification" (DSN) message, or a "Non-Delivery Notification" (NDN).


Classification

Although the SMTP is a mature technology, counting more than thirty years, the architecture is increasingly strained by both normal and unsolicited load. The email systems have been enhanced with reputation systems tied to the actual sender of the email, with the idea of recipient's email servers rejecting email when a forged sender is used in the protocol. Therefore, two types of email bounces have been created: hard bounces and soft bounces. Both of them affect the IP reputation of the sender because the Email Service Providers (ESPs) consider the total bounce rate as a decision factor when directing the email into a user's Inbox. Briefly, the total bounce rate is calculated as the sum of the hard bounce rate and soft bounce rate.


Hard bounces

Hard bounces are permanent and they score higher in terms of sender's IP damage. Hard bounces occur when the sender's mail server determines that there is a high likelihood that the recipient is unavailable and is likely to remain so. A few of the occasions when hard bounces occur are when the recipient of the email finds himself in one of the following situations: incorrect identifier/incorrect domain (such as a typo in the email address or in the domain) or his server does not accept emails anymore. In this case, removal of the email addresses that bounce back is mandatory.


Soft bounces

Soft bounces are temporary. A bounced message that experiences a soft bounce may be tried to be redelivered at another time. Soft bounces happen when the recipient of the email has either a full Inbox and therefore no space to store another email, or a limit on the size of the emails that it is allowed to receive. Additional situations in which a soft bounce appears is a block set up on the recipient's email to mark a certain sender as a 'spam' sender, or to blacklist a certain sender. Moreover, a temporary suspension of the recipient's email or a temporary error on the server are also causes of a soft bounce.


Delivery errors

Errors may occur at multiple places in mail delivery. A sender may sometimes receive a bounce message from their ''own'' mail server, reporting that it has been unable to send a message, or alternatively from a ''recipient's'' mail server reporting that although it had accepted the message, it is unable to deliver it to the specified user. When a server accepts a message for delivery, it is also accepting the responsibility to deliver a bounce message in the event that delivery fails.


Bounce due to lack of disk space

When an e-mail arrives at the destination server for an address (such as mymail.example, when sending to ''alice@mymail.example''), it may be that the mail
daemon Daimon or Daemon (Ancient Greek: , "god", "godlike", "power", "fate") originally referred to a lesser deity or guiding spirit such as the daimons of ancient Greek religion and mythology and of later Hellenistic religion and philosophy. The word ...
is unable to deposit the message in the specified user's mailbox if the underlying
hard drive A hard disk drive (HDD), hard disk, hard drive, or fixed disk is an electro-mechanical data storage device that stores and retrieves digital data using magnetic storage with one or more rigid rapidly rotating platters coated with magnet ...
of the server has insufficient space.


Bounce due to unreachable destination

When sending an e-mail, the service from which the e-mail is sent may be unable to reach the destination address. In such case, the sender would receive a bounce message from their own mail server. Common causes for mail servers being unable to reach a destination: * Unable to
resolve Resolve may refer to: * ''Resolve'' (Lagwagon album) * ''Resolve'' (Last Tuesday album) * "Resolve" (song), by the Foo Fighters *'' The Resolve'', a 1915 American silent short drama film * "Resolve" (''One Tree Hill'' episode) *''Resolve'', a Brit ...
the destination address. For example, if the domain name does not exist. * Unable to establish a connection with the destination address. For example, if the IP address is not assigned to a server, or if the server is
offline In computer technology and telecommunications, online indicates a state of connectivity and offline indicates a disconnected state. In modern terminology, this usually refers to an Internet connection, but (especially when expressed "on line" or ...
.


Bounce from forged message

Users may receive erroneous bounce messages about messages they never actually sent. This can happen in particular in the context of
email spam Email spam, also referred to as junk email, spam mail, or simply spam, is unsolicited messages sent in bulk by email (spamming). The name comes from a Monty Python sketch in which the name of the canned pork product Spam is ubiquitous, unavoida ...
or email viruses, where a spammer (sender) may forge a message to another user (intended recipient of spam), and forges the message to appear from yet another user (a third party). If the message cannot be delivered to the intended recipient, then the bounce message would be "returned" to the third party instead of the spammer. This is called
backscatter In physics, backscatter (or backscattering) is the reflection of waves, particles, or signals back to the direction from which they came. It is usually a diffuse reflection due to scattering, as opposed to specular reflection as from a mirror, a ...
.


Other causes

Had the ''library.example'' mail server known that the message would be undeliverable (for instance, if Jill had no user account there) then it would ''not'' have accepted the message in the first place, and therefore would not have sent the bounce. Instead, it would have rejected the message with an SMTP error code. This would leave ''Jack's'' mail server (at ''store.example'') the obligation to create and deliver a bounce.


Terminology

Bounces are a special form of
autoresponder An autoresponder is a computer program that automatically answers e-mail sent to it. They can be very simple or quite complex. The first autoresponders were created within mail transfer agents that found they could not deliver an e-mail to a given ...
. Autoresponses (automatic replies) are mails sent by a program—as opposed to a human user—in reply to a received mail and sent to the
bounce address {{No footnotes, date=June 2016 A bounce address is an email address to which bounce messages are delivered. There are many variants of the name, none of them used universally, including return path, reverse path, envelope from, envelope sender, MA ...
. Examples of other auto replies are vacation mails, challenges from challenge-response spam filtering, replies from
list servers A mailing list is a collection of names and addresses used by an individual or an organization to send material to multiple recipients. The term is often extended to include the people subscribed to such a list, so the group of subscribers is re ...
, and feedback reports. These other auto replies are discussed in RFC 3834: auto replies should be sent to the Return-Path stated in the received mail which has triggered the auto reply, and this response is typically sent with an empty Return-Path; otherwise auto responders could be trapped in sending auto replies back and forth. The Return-Path is visible in delivered mail as header field Return-Path inserted by the SMTP
mail delivery agent A message delivery agent (MDA), or mail delivery agent, is a computer software component that is responsible for the delivery of e-mail messages to a local recipient's mailbox., ''Internet Mail Architecture'', D. Crocker (July 2009) It is also call ...
(MDA) (which is usually combined with a
mail transfer agent The mail or post is a system for physically transporting postcards, letters, and parcels. A postal service can be private or public, though many governments place restrictions on private systems. Since the mid-19th century, national postal syst ...
, or MTA). The MDA simply copies the reverse path in the SMTP MAIL FROM command into the Return-Path. The MDA also removes bogus Return-Path header fields inserted by other MTAs; this header field is generally guaranteed to reflect the last reverse path seen in the MAIL FROM command. Today these paths are normally reduced to ordinary
email address An email address identifies an email box to which messages are delivered. While early messaging systems used a variety of formats for addressing, today, email addresses follow a set of specific rules originally standardized by the Internet Engineer ...
es, as the old SMTP '
source routing In computer networking, source routing, also called path addressing, allows a sender of a packet to partially or completely specify the route the packet takes through the network. In contrast, in conventional routing, routers in the network determ ...
' was deprecated in 1989; for some historical background info see
Sender Rewriting Scheme The Sender Rewriting Scheme (SRS) is a scheme for bypassing the Sender Policy Framework's (SPF) methods of preventing forged sender addresses. Forging a sender address is also known as email spoofing. Background In a number of cases, including c ...
. One special form of a path still exists: the empty path MAIL FROM:<>, used for many auto replies and especially all bounces. In a strict sense, bounces sent with a non-empty Return-Path are incorrect. RFC 3834 offers some
heuristics A heuristic (; ), or heuristic technique, is any approach to problem solving or self-discovery that employs a practical method that is not guaranteed to be optimal, perfect, or rational, but is nevertheless sufficient for reaching an immediate, ...
to identify incorrect bounces based on the local part (left hand side before the "@") of the address in a non-empty Return-Path, and it even defines a mail header field, Auto-Submitted, to identify auto replies. But the mail header is a part of the mail data (SMTP command DATA), and MTAs typically don't look ''into'' the mail. They deal with the ''envelope'', that includes the MAIL FROM address (a.k.a. Return-Path, Envelope-FROM, or "reverse path") but not, e.g., the RFC 2822-From in the mail header field From. These details are important for schemes like
BATV In computing, Bounce Address Tag Validation (BATV) is a method, defined in an Internet Draft, for determining whether the bounce address specified in an E-mail message is valid. It is designed to reject backscatter, that is, bounce messages to for ...
. The remaining bounces with an empty Return-Path are non-delivery reports (NDRs) or delivery status notifications (DSNs). DSNs can be explicitly solicited with an SMTP Service Extension, however it is not widely used. Explicit requests for delivery failure details is much more commonly implemented with
variable envelope return path Variable envelope return path (VERP) is a technique used by some electronic mailing list software to enable automatic detection and removal of undeliverable e-mail addresses. It works by using a different return path (also called "envelope sender" ...
(VERP), while explicit requests for them are rarely implemented. NDRs are a basic SMTP function. As soon as an MTA has accepted a mail for forwarding or delivery it cannot silently delete ("drop") it; it has to create and send a bounce message to the ''originator'' if forwarding or delivery failed.


Bouncing vs. rejecting

Excluding MDAs, all MTAs forward mails to another MTA. This next MTA is free to ''reject'' the mail with an SMTP error message like ''"user unknown"'', ''"over quota"'', etc. At this point the sending MTA has to ''bounce the message'', i.e. inform its originator. A bounce may arise also without a rejecting MTA, or as RFC 5321 puts it:
''"If an SMTP server has accepted the task of relaying the mail and later finds that the destination is incorrect or that the mail cannot be delivered for some other reason, then it MUST construct an "undeliverable mail" notification message and send it to the originator of the undeliverable mail (as indicated by the reverse-path)."''
This rule is essential for SMTP: as the name says, it's a 'simple' protocol, it cannot reliably work if mail silently vanishes in black holes, so bounces are required to spot and fix problems.


Silently dropping messages

Today, however, it can be common to receive mostly
spam Spam may refer to: * Spam (food), a canned pork meat product * Spamming, unsolicited or undesired electronic messages ** Email spam, unsolicited, undesired, or illegal email messages ** Messaging spam, spam targeting users of instant messaging ( ...
emails, which usually uses forged Return-Paths. It is then often impossible for the MTA to inform the originator, and sending a bounce to the forged Return-Path would hit an innocent third party. In addition, there are specific reasons why it is preferable to silently ''drop'' a message rather than ''reject'' it (let alone ''bounce'' it): * Heuristically filtered spam. Spam filters are not perfect. Rejecting spam based on content filtering implies giving to spammers a test environment where they can try several alternatives until they find content that passes the filter. *
Virus A virus is a submicroscopic infectious agent that replicates only inside the living cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and archaea. Since Dmitri Ivanovsky's 1 ...
es and
worm Worms are many different distantly related bilateral animals that typically have a long cylindrical tube-like body, no limbs, and no eyes (though not always). Worms vary in size from microscopic to over in length for marine polychaete wor ...
s. Most times these are sent automatically from an infected machine. Since a bounce may contain a copy of the worm itself, it may contribute to its diffusion. Quoting again RFC 5321, section 6.2:
''"As discussed in Section 7.8 and Section 7.9 below, dropping mail without notification of the sender is permitted in practice. However, it is extremely dangerous and violates a long tradition and community expectations that mail is either delivered or returned. If silent message-dropping is misused, it could easily undermine confidence in the reliability of the Internet's mail systems. So silent dropping of messages should be considered only in those cases where there is very high confidence that the messages are seriously fraudulent or otherwise inappropriate."''
Not validating the sender is an inherent flaw in today's SMTP, which is without the deprecated source routes mentioned earlier. This is addressed by various proposals, most directly by
BATV In computing, Bounce Address Tag Validation (BATV) is a method, defined in an Internet Draft, for determining whether the bounce address specified in an E-mail message is valid. It is designed to reject backscatter, that is, bounce messages to for ...
and SPF.


Causes of a bounce message

There are many reasons why an email may bounce. One reason is if the recipient address is misspelled, or simply does not exist on the receiving system. This is a ''user unknown'' condition. Other reasons include resource exhaustion — such as a full disk — or the rejection of the message due to
spam Spam may refer to: * Spam (food), a canned pork meat product * Spamming, unsolicited or undesired electronic messages ** Email spam, unsolicited, undesired, or illegal email messages ** Messaging spam, spam targeting users of instant messaging ( ...
filters. In addition, there are MUAs that allow users to "bounce" a message on demand. These user-initiated bounces are bogus bounces; by definition, a real bounce is automated, and is emitted by a MTA or MDA. Bounce messages in
SMTP The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typical ...
are sent with the envelope sender address <>, known as the ''null sender address''. They are frequently sent with a From: header address of MAILER-DAEMON at the recipient site. Typically, a bounce message will contain several pieces of information to help the original sender in understanding the reason his message was not delivered: * The date and time the message was bounced, * The identity of the mail server that bounced it, * The reason that it was bounced (e.g. ''user unknown'' or ''mailbox full''), * The headers of the bounced message, and * Some or all of the content of the bounced message. RFC 3463 describes the codes used to indicate the bounce reason. Common codes are 5.1.1 (Unknown user), 5.2.2 (Mailbox full) and 5.7.1 (Rejected by security policy/mail filter).


Format

The format for the reporting of administrative messages is defined by . A DSN may be a
MIME Multipurpose Internet Mail Extensions (MIME) is an Internet standard that extends the format of email messages to support text in character sets other than ASCII, as well as attachments of audio, video, images, and application programs. Message ...
''multipart/report'' message composed of three parts: # a human readable explanation; # a machine parsable ''message/delivery-status'', a list of ''"name: type; value"'' lines that state several possible fields; and # the original message, or a portion thereof, as an entity of type ''message/rfc822''. The second part of a DSN is also quite readable. It is essential to understand which MTA played which role. The ''Reporting-MTA'' is responsible for composing and sending the DSN. When a ''Remote-MTA'' rejects a message during an SMTP transaction, a field ''Diagnostic-Code'' of type ''smtp'' may be used to report that value. Note that beside the numerical 3-digit value, the SMTP response contains itself a human readable part. The information Remote-MTA: dns; smtp.store.example 92.0.2.3Diagnostic-Code: smtp; 550 No such user here :is sometimes reported as, e.g.,
while talking to smtp.store.example  92.0.2.3>>> RCPT TO:
<<< 550 No such user here


Security implications

On 10/04/2021 an Australian Security Researcher (Sebastian Salla) demonstrated how email bounce messages could be abused to reduce the operational effectiveness of email spam and malware filters. The default behaviour for many email gateways is to include an untampered copy of inbound message headers within bounce messages. Through analysis of these message headers, a threat actor is able to positively identify whether or not their email would end up in a targets mailbox. This attack can be scaled to encompass dozens of vulnerable targets which improves the efficiency of phishing campaigns.


See also

*
Backscatter In physics, backscatter (or backscattering) is the reflection of waves, particles, or signals back to the direction from which they came. It is usually a diffuse reflection due to scattering, as opposed to specular reflection as from a mirror, a ...
(Backscatter of email spam) *
Bounce Address Tag Validation In computing, Bounce Address Tag Validation (BATV) is a method, defined in an Internet Draft, for determining whether the bounce address specified in an E-mail message is valid. It is designed to reject backscatter, that is, bounce messages to for ...
(BATV) *
Email tracking Email tracking is a method for monitoring whether the email messages is read by the intended recipient. Most tracking technologies use some form of digitally time-stamped record to reveal the exact time and date that an email was received or open ...
*
Sender Policy Framework Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email. SPF alone, though, is limited to detecting a forged sender claim in the envelope of the email, which is ...
(SPF) *
DomainKeys Identified Mail DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in email (email spoofing), a technique often used in phishing and email spam. DKIM allows the receiver to check that an email claimed ...
(DKIM) *
Sender Rewriting Scheme The Sender Rewriting Scheme (SRS) is a scheme for bypassing the Sender Policy Framework's (SPF) methods of preventing forged sender addresses. Forging a sender address is also known as email spoofing. Background In a number of cases, including c ...
(SRS) *
Simple Mail Transfer Protocol The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typica ...
(SMTP) *
Variable envelope return path Variable envelope return path (VERP) is a technique used by some electronic mailing list software to enable automatic detection and removal of undeliverable e-mail addresses. It works by using a different return path (also called "envelope sender" ...
(VERP)


Related RFCs

* - Simple Mail Transfer Protocol * - Simple Mail Transfer Protocol (SMTP) Service Extension for Delivery Status Notifications (DSNs) * - The Multipart/Report Media Type for the Reporting of Mail System Administrative Messages * - Enhanced Status Codes for SMTP * - An Extensible Message Format for Delivery Status Notifications * - Recommendations for Automatic Responses to Electronic Mail * - Internationalized Delivery Status and Disposition Notifications


References


External links


Mail DDoS Attacks through Non Delivery Messages

Microsoft DSNs and NDRs in Exchange Server

Understanding Bounce Email
{{DEFAULTSORT:Non Delivery Report Email Email authentication Internet Standards