Avatar of pbrane
 asked on

Suddenly we are recieving a lot of email spoofing reports from various customers 11-04-08

Over the last couple of weeks we are starting to get reports from different customers that they are receiving alot of NDRs for emails they never sent.
I would like to confirm that this is due to spoofing and nothing else.
If its agreed that it spoofing I would like to confirm that the only tools I have against this problem is a rDNS setup for all the exchange servers and a SPF record.

Hope to hear all your comments on this.
Email ServersVulnerabilities

Avatar of undefined
Last Comment

8/22/2022 - Mon

We have been receiving a lot of these at my employer's as well. Very odd. We use proofpoint for our spam detection and it does not seem to catch them either.

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.

All I have is a forwarded NDR here is the header. Not sure if that the server sending the NDR or the original sender. Received: (qmail 52279 invoked from network); 4 Apr 2008 02:17:50 +0400
Received: from
  by webrika.ru with SMTP;
Thats definitely not us.

I really appreciate these comments. We have been digging around and trying to find a solution. Its time we created a vigilate group and this time we won't use technology we'll just use garden forks and scyths !!!! haha

Please keep them coming, someone out there might have a sweet trick up their sleeve.


Well as you can identify yourself, the mail was sent by Webrika.ru from their SMTP gateway, which as you say is not you, but more likely a russian spam company or at least from a russian webpage.

Now you have identified these at the spoofers, all thats left is to sit down and cry *sigh*

I had several of these cases in the past (and still receive some of these mails) and as yet we have not found a single viable solution that does not end up blocking real email as well.

The best bet is to either change the mails from those that receive an exorbitant amount, or create filters that removes the most common used phrases in the return emails from spoof attempts.

Oh and if you do form the vigilante group, i'll come and bring my lawnmover or garden axe.....we might catch some virus builders together with the spammers if we are lucky
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck

hahahaha it seems vigilante group is the only option.

What do you think to SPF records. Or are these pointless due the fact NDRs will still come back to us?

You can add them, but the NDR's will still come and if you start to block those, you may end up blocking valid buisness partners, and since the spammers continue to expand you will just receive more and more.

I must admit that I have given up personally on finding a way out, except for headhunting the spammer and doing some good old-fashion decapitation and shrinking of skulls, heck I even got approval to hire a true witchdoctor.....

Finding the spammers, thats the nasty part

Thanks Cholmskov, I am going to leave this ticket open for a little longer while a sharpen the blades just in case...
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.

Sure thing, im already a premium member so im not really worried about points and so, I do this for fun and to help others :)

Although this does not resolve the issue I think it outlines the options for us smaller companies.