Sender Verification, "envelope Senders whose domain does not exist"

Available Languages

Updated:October 13, 2014

Document ID:118556

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

Description

Introduction

In the mail logs, you might see the error for "envelope sender domain does not exist."

Description

The Cisco Email Security Appliance (ESA) makes an MX record query for the domain of the sender address. It then performs an A record lookup on the MX records. If, for any of these queries, the DNS server returns 'NXDOMAIN' (there is no record for this domain), the ESA treats that domain as non-existent. This falls into the category of "envelope senders whose domain does not exist." NXDOMAIN can mean that the root name servers are not providing any authoritative name servers for this domain.

Example:

 Mon Nov 20 10:50:05 2006 Info: New SMTP ICID 1605269 interface InternalNet
 (10.101.150.43) address 192.168.23.36 reverse DNS host small-mail.example.com
 verified yes
 Mon Nov 20 10:50:05 2006 Info: ICID 1605269 ACCEPT SG UNKNOWNLIST match
 sbrs[0.0:10.0] SBRS 3.5
 Mon Nov 20 10:50:05 2006 Info: ICID 1605269 Address: < jane@example.com> sender
 rejected, envelope sender domain does not exist
 Mon Nov 20 10:50:05 2006 Info: ICID 1605269 lost
 Mon Nov 20 10:50:05 2006 Info: ICID 1605269 close