This section of the ORF help describes the settings available in the DHA Protection Test Settings dialog.
These settings control how many invalid delivery attempts may be performed by a single IP address (within a specified period of time) before it is considered an attacker and gets banned.
The larger the number of attempts, the lesser the chance to catch a distributed attack in time. The smaller the number, the higher the chance for false positives.
Set for how long the attacker is banned (rejected) for violating the above policy.
Exclude specific IP addresses or senders from the DHA Protection Test using these lists.
By default, the Sender Exception List contains two items, both are for detecting Delivery Status Notifications (DSNs). We recommend that you keep these two items to prevent false positives due to backscatter. Consider that made-up email addresses of your domain can be used for spamming. In this case, poorly configured, but otherwise legitimate MTAs will try to send DSNs to these made-up addresses and thus would get banned.
Use this to verify whether the sender is actually authorized to send emails on behalf of the domain it claims to represent and not just spoofing it to bypass filtering: If the sending domain has a published SPF policy, the email must "pass" the SPF evaluation to be excluded from filtering.
Exclude specific recipient addresses from the data collection process, i.e., addresses that do not count as an invalid delivery attempt.
Typically, you want to add email addresses that are no longer valid, but they used to be. Consider the following scenario: 10 of your end-users are subscribed to an email newsletter, but 3 of them leave your company. If the invalid attempt threshold is configured to 3, there is a good chance that newsletter delivery will trigger a ban and the remaining 7 end-users will not get the newsletter either.
Note that once a sender is banned, adding the recipient email address that has triggered the ban to the exception list will not remove the sender from the DHA blacklist database. In this case, we recommend adding the sender itself to the Sender or IP Exception list.
See the Database Settings Dialog topic.