Non-Account Bouncing vs. Asynchronous Bounce
There are two common methods for protecting against Directory Harvest Attacks: Non-Account Bouncing and Connection Manager. Connection Manager includes a setting called Asynchronous Bounce. Non-Account Bouncing and Asynchronous Bounce are similar but distinct settings on your server.
Non-Account Bouncing is an organization setting, set in your user organization. If enabled, Non-Account Bouncing rejects mail to any address not registered in Perimeter Manager.
It is important to add every address, alias and mailing list before you enable Non-Account Bouncing. Users not added will never receive outside mail.
Connection Manager is set on the email config level, as an Inbound Servers setting. It includes the ability to detect Directory Harvest Attacks. If a sender sends email to many invalid addresses in a short period of time, Connection Manager will block all mail from that sender.
Usually, Connection Manager bases this decision on SMTP error codes from your server, but some servers (including Microsoft Exchange) do not send these codes. In this case, you can enable Asynchronous Bounce. If Asynchronous Bounce is enabled, Connection Manager compares the recipient addresses on incoming email to your registered user list. If enough recipients are not on your user list, Connection Manager blocks email from that sender.
Add your users before enabling Asynchronous Bounce. If you have not added your users, Connection Manager may block valid senders. However, unlike Non-Account Bouncing, you don't need to add every user. If you have added 90% of your users, it is safe to enable Asynchronous Bounce.
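The recipient-list comparison described above can be sketched as a sliding-window check per sender. This is an added example, not the product's own code: the window length, minimum recipient count and unknown-recipient ratio are assumed values, and the addresses and sender IPs are constructed sample data.

```python
from collections import defaultdict, deque

# Assumed values for illustration; the page gives no product thresholds.
WINDOW_SECONDS = 60   # the "short period of time"
MIN_RECIPIENTS = 5    # too few recipients is not enough evidence
UNKNOWN_RATIO = 0.8   # "enough recipients are not on your user list"


def find_blocked_senders(events, registered_users, window=WINDOW_SECONDS,
                         min_recipients=MIN_RECIPIENTS,
                         unknown_ratio=UNKNOWN_RATIO):
    """events: time-ordered (timestamp_seconds, sender, recipient) tuples."""
    registered = {u.lower() for u in registered_users}
    recent = defaultdict(deque)  # sender -> deque of (timestamp, is_unknown)
    blocked = set()
    for ts, sender, rcpt in events:
        if sender in blocked:
            continue  # already blocked; further mail is refused
        q = recent[sender]
        q.append((ts, rcpt.lower() not in registered))
        # Drop recipients that fell out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        unknown = sum(1 for _, is_unknown in q if is_unknown)
        if len(q) >= min_recipients and unknown / len(q) >= unknown_ratio:
            blocked.add(sender)
    return blocked


# Constructed sample data (documentation addresses, not real traffic).
USERS = ["alice@example.com", "bob@example.com", "carol@example.com",
         "dave@example.com", "erin@example.com"]
EVENTS = (
    # 203.0.113.9 guesses names: one hit among misses, all within seconds.
    [(i * 2, "203.0.113.9", f"{n}@example.com")
     for i, n in enumerate(["aaron", "abby", "alice", "adam", "al", "amy"])]
    # 198.51.100.7 is a valid sender mailing five real users.
    + [(20 + i, "198.51.100.7", u) for i, u in enumerate(USERS)]
)

if __name__ == "__main__":
    print("full user list:  ", find_blocked_senders(EVENTS, USERS))
    # Only one of five users registered: the valid sender now looks hostile.
    print("1 of 5 users added:", find_blocked_senders(EVENTS, USERS[:1]))
```

With the full user list only the guessing sender is blocked; with most users missing from the list, the valid sender is blocked as well, which is why users must be added before the setting is enabled.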
Both Non-Account Bouncing and Connection Manager (with Asynchronous Bounce) will protect your server from the heavy load of a Directory Harvest Attack, and both require that you have added users. Non-Account Bouncing is a complete block of all unregistered accounts, while Connection Manager blocks a sender when a threat is detected.








