Spam bounce from myself

Posted on 2006-06-29
Last Modified: 2008-01-09
Here is the situation.

    I am blocking all emails from my own domain on my relay server, since no
email from my organization will originate from the outside.

    I think this is what is happening.  Spammers are sending emails to my
ISP smtp backup server like this:


    My relay server is rejecting them.  The ISP smtp server is receiving the
smtp rejection and creating a postmaster bounce to me, since my email was in
the from: field.  The bounced message has the original spam email attached.  This means the
spammer was successful in getting me the email.  I.E. one of my users could
open the attachment and allow whatever is in the email to happen. (tojan,
phishing, etc.)

    My question is:  how do I stop this from happening?

    Here is the bounce message.

-----Original Message-----
From: System Administrator []
Sent: June 26, 2006 9:00 PM
To: ME
Subject: Undeliverable: Roolex for you

Your message

  To:      ME
  Subject: Roolex for you
  Sent:    Mon, 26 Jun 2006 20:59:07 -0400

did not reach the following recipient(s):

ME on Mon, 26 Jun 2006 21:00:22 -0400
    The e-mail system was unable to deliver the message, but did not report
a specific reason.  Check the address and try again.  If it still fails,
contact your system administrator.
    < #5.0.0 X-Postfix;
host[] said:
550    5.7.1 Message rejected. (in reply to end of DATA command)>
Question by:dauyeung
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 97

Expert Comment

ID: 17010832
Greetings, dauyeung !

Instead of your relay server rejecting the spam emails, have it delete them.  Then there will be nothing to bounce.

Best wishes!

Author Comment

ID: 17011182
I'm not sure if this would work.

Wouldn't the relay server still send an NDR to the sender, which is one of my users?

LVL 34

Expert Comment

ID: 17011253
First, you can't stop spammers from sending E-Mails claiming to be from you.

Second, you can't stop mailservers the world over from accepting E-Mail claiming to be from your Domain but clearly originating from elsewhere.

Third, you can't stop those mailservers - which are accepting E-Mail with detectable bogosity - from generating an NDR back to the faked FROM address and thus annoying your users.

About the only way to shield your users would be to construct a mail filter that examined incoming NDRs for plausability, perhaps by checking the mail server logs for recently transmitted messages to the same Domain.
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 17

Accepted Solution

upul007 earned 250 total points
ID: 17012067
I disagree with PsiCop. If you have set up email servers to check and reject emails based on the sending domains spf records, there is hope. Perhaps your back up servers are not set to do this. Some servers do not even accept emails from domains without reverse dns records. You should check further and seek a solution through your isp.

Author Comment

ID: 17012101
Good idea upul007.

Hadn't thought of ISP filtering.  As for SPF, I wonder how many servers actually use it.  I do have an spf record for our domains.

Anyone have other ideas?

LVL 17

Expert Comment

ID: 17015810
SPF is supported by Exchange 2003 SP 2 and Alt-N's MDeamon. Here in Sri Lanka certain ISP's actually use this facility to promote their services.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Prevent own domain email spoofing in Exchange 2010 2 190
Opera UI gone nuts 4 73
android: how can i send queued outbox unsent gmail 4 135
Emailing from selectable addresses 4 35
Are you having trouble connecting or getting your iPhone / Samsung device(s) to sync with Microsoft Exchange Server?   What have you tried?   What haven't you tried?
PHP contact form that lets the user to contact the company through email contact form. A button is fixed at the bottom of site, on clicking a new window will open where a user can send the email.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question