Why Hosted CanIt requires Recipient Verification
When CanIt relays accepts mail for a domain example.com and relays it to the back-end mail server, it is very important that CanIt not accept mail for nonexistent recipients. There are two reasons for this:
- First, accepting mail for nonexistent recipients wastes CPU time as the mail is unnecessarily scanned for spam.
- Second, trying to deliver mail to nonexistent recipients may cause CanIt or the back-end server to create non-delivery notifications. These useless notifications are called backscatter and can get the CanIt machine or your back-end mail server blacklisted.
How can CanIt verify recipients?
The simplest way for CanIt to verify recipients is to ask the back-end mail server if they exist. And the simplest way to do this is to run a "mini-SMTP" session against the back-end server. Well-configured servers will reject a RCPT To: command that specifies a nonexistent recipient. This feature of CanIt is called Verification Servers.
Unfortunately, some SMTP servers (Microsoft Exchange, for example) do not reject invalid RCPT commands by default. If you are running Microsoft Exchange, you may be able to fix this misconfiguration:
- Exchange 2003
- Exchange 2007
- Exchange 2010
- Exchange 2010 with only a Hub Transport Server
- Exchange 2013 and 2016. Note that we have not tested the Exchange 2013/2016 instructions and cannot guarantee they will work.
- Office 365 / Exchange Online Protection
For Exchange 2007 and later, you should disable all anti-spam controls except for Recipient Filtering.
Are there other ways to verify recipients?
If you can't or don't want to use a Verification Server, you can use one of two other possibilities to verify recipients:
- You can integrate CanIt with a back-end LDAP server such as Active Directory.
- You can explicitly list all valid recipients in the CanIt web interface and tell CanIt only to deliver to those recipients.
How can I find out more?
To find out more about Recipient Verification, please see our training videos: