Recipient verification
This article describes, what recipient verification is and how the recipient verification file must be created.
- Recipient verification background
- Recipient verification file
- Formatting the recipient verification file
Recipient verification background
Recipient verification is in place to ensure that the right emails are sent to the right recipients for RWTH email addresses with worldwide accessibility.
This verification has already been implemented for all accounts on the central RWTH mail server. For all other servers within RWTH, recipient verification is also essential for the reasons listed below:
- A large number of (bounce) e-mails are transported “unnecessarily” and checked for viruses and spam.
- Spam and virus attacks can therefore quickly lead to an overload at the RWTH Aachen University mailbox.
- Each of these e-mails must be handled in the event of an error, i.e. the sender is notified of the error by bounce e-mail.
Since the sender addresses are usually forged in this context, e-mail notifications are sent to the wrong senders.
These misdirected bounce e-mails therefore reach the wrong person and contain the generated error message as well as the content of the original e-mail.
- With the new mail inbox, over 97% of such e-mails coming from external sources are already rejected.
- Unfortunately, this is often not enough, as many mail servers that are supplied with e-mails via the IT Center reject such e-mails but generate bounce e-mails again.
- The original spam may therefore be sent again via the RWTH mail system.
- This can worsen the e-mail reputation of RWTH Aachen University or lead to some providers no longer wanting to accept e-mails from RWTH domains.
For these reasons, a way was developed to store and organize the e-mail addresses of the institution mail servers in a centralized manner.
This now also enables recipient verification for the mail domains of the individual RWTH institutions. For this purpose, a recipient verification file (text file) is created, which should contain all e-mail addresses of the respective institution.
This data is written to a database that can be queried directly from the mail inbox. This enables the mail exchanger (MX) to decide whether the respective e-mail address exists or not and, if necessary, reject the mail immediately.
This shifts the error handling to the sending mail server. Spam e-mails are blocked directly by this procedure, as the mail inbox is now able to recognize an attack.
For this purpose, the recipient verification file is queried cyclically for each domain and must be made available on a protected web server of the respective institution.
The comparison is carried out every 15 minutes as standard. For security reasons, no synchronization is carried out if
- Network errors occur (timeout, reject, etc.)
- More than 20% of the addresses we have should be deleted
- No file is available
In the event of a database failure, recipient verification is automatically switched off.
Formatting the recipient verification file
In this file, all e-mail addresses of the respective institution must be listed line by line without the domain part.
For example, the following should be listed for the email addresses webmaster@test.rwth-aachen.de, postmaster@test.rwth-aachen.de, admin@test.rwth-aachen.de in the recipient verification file:
webmaster
postmaster
admin
Please note the following restrictions:
- Comment lines are allowed and start with #
- Wildcards are NOT allowed
- The following characters are allowed in address entries:
- Letters a-z
- Digits 0-9
- Special characters “.” “-” “_” “&” “/”
Additional Information:
