Description
This article describes the issue when the bounce verification is enabled some Out of Office messages are marked as bounce verification failed.
Scope
FortiMail.
Solution
This behavior is correct. The cause is that some mail servers do not use the sender's email address from SMTP envelope but instead use the sender's address from mail headers to deliver Out of Office responses.
The problem is that the email address in the mail headers does not contain a bounce verification tag. As a result, FortiMail is unable to recognize the message correctly and marks it as a bounce verification failure.
For example:
The problem is that the email address in the mail headers does not contain a bounce verification tag. As a result, FortiMail is unable to recognize the message correctly and marks it as a bounce verification failure.
For example:
Correct:
MAIL FROM:<>
RCPT TO:<prvs=<keyvalue>=sender@domain.tld>
Incorrect:
MAIL FROM:<>
RCPT TO:<sender@domain.tld>
The Out Of Office message should use 'prvs=<keyvalue>=sender@domain.tld' in the RCPT TO field. The problem occurs when 'sender@domain.tld' is used instead, without the bounce verification tag.
In FortiMail v5.x, as a workaround, bounce verification exemptions can be created under 'AntiSpam -> Bounce Verification -> Tagging Exempt List or Verification Exempt List' for the domains or hosts experiencing the issue.
For more information on Tagging Exempt List refer to the guide: Excluding recipient domains from bounce verification
In FortiMail v5.x, as a workaround, bounce verification exemptions can be created under 'AntiSpam -> Bounce Verification -> Tagging Exempt List or Verification Exempt List' for the domains or hosts experiencing the issue.
For more information on Tagging Exempt List refer to the guide: Excluding recipient domains from bounce verification
For more information on the Verification Exempt List refer to the guide: Excluding senders from bounce verification
In FortiMail v.6.x, v7.0, v.7.2, v.7.4, and v7.6, as a workaround, bounce verification exemptions can be created under 'Security -> Bounce Verification -> Tagging Exempt List or Verification Exempt List' for the domains or hosts experiencing the issue.
For more information refer to the guide: Configuring bounce verification and tagging.
Another possibility is to enable 'Bypass bounce verification' on the session profile or domain.
For more information refer to the Configuring sender validation options and Configuring advanced scan settings guide.
