Recipient Verification
This article describes what recipient verification is and how the recipient verification file must be created.
- Recipient verification background
- Recipient verification file
- Formatting the recipient verification file
Recipient verification background
Recipient verification is in place to ensure that the right emails are sent to the right recipients for RWTH email addresses with worldwide accessibility.
This verification has already been implemented for all accounts on the central RWTH mail server. For all other servers within RWTH, recipient verification is also essential for the reasons listed below:
- A large number of bounce emails are transported “unnecessarily” and checked for viruses and spam.
- Spam and virus attacks can therefore quickly lead to an overload at the RWTH Aachen University mail system.
- Each of these emails must be handled in the event of an error, i.e. the sender is notified of the error by a bounce email.
Since the sender addresses are usually forged in this context, email notifications are sent to the wrong senders.
These misdirected bounce emails therefore reach the wrong person and contain the generated error message as well as the content of the original email.
- With the new mail inbox, over 97% of such emails coming from external sources are already rejected.
- Unfortunately, this is often not enough, as many mail servers that are supplied with emails via the IT Center reject such emails but generate bounce emails again.
- As a result, the original spam can be sent again via the RWTH mail system.
- This can worsen the email reputation of RWTH Aachen University or lead to some providers refusing to accept emails from RWTH domains.
For these reasons, a method was developed to store and organize the email addresses of the institution mail servers centrally.
This now also enables recipient verification for the mail domains of the individual RWTH institutions. For this purpose, a recipient verification file (text file) is created, which must contain all email addresses of the respective institution.
This data is written to a database that can be queried directly by the mail inbox. This enables the mail exchanger (MX) to decide whether the respective email address exists or not and, if necessary, to reject the mail immediately.
This shifts the error handling to the sending mail server. Spam emails are blocked directly by this procedure, as the mail inbox is now able to recognize an attack.
For this purpose, the recipient verification file is queried periodically for each domain and must be made available on a protected web server of the respective institution.
The comparison is carried out every 15 minutes as standard. For security reasons, no synchronization is carried out if
- Network errors occur (Timeout, reject, etc.)
- More than 20% of the addresses we have would be deleted
- No file is available
In the event of a database failure, recipient verification is automatically switched off.
Formatting the recipient verification file
In this file, all email addresses of the respective institution must be listed line by line without the domain part.
For example, the following entries for the email addresses webmaster@test.rwth-aachen.de, postmaster@test.rwth-aachen.de, admin@test.rwth-aachen.de in the recipient verification file:
webmaster
postmaster
admin
Please note the following restrictions:
- Comment lines are allowed and start with #
- Wildcards are NOT allowed
- The following characters are allowed in address entries:
- Letters a-z
- Digits 0-9
- Special characters “.” “-” “_” “&” “/”
Additional Information:
