Outgoing NDR

Posted on 2008-06-11
Last Modified: 2010-04-21
Hi there.

I´m running an Exchange 2003 server on my Home network.
It´s fully updated and running fine.
Lately I have been recieving alot of NDR´s.
I have been reading that I shouldn´t disable NDR because I could get blacklisted.
But at Technet, Microsoft encourages you to disable NDR.
My question is, is there a difference between disabling outgoing NDR and ingoing?
I should think it would be ok to accept incomming ndr and have the server not generate outgoing in case of false recipients?
Is that the way to do it?
Under internet message formats you can disable ndr´s, but is that for outgoing, ingoing or both?
If you can disable outgoing only, where do I do that?
I have set up spf records and that seems to have solved the massive ndr recieving, but I figured I might as well disable outgoing to spare others the problems with recieving ndr from my server.
I have been thinking to set up my real domain name under internet message formats and remove ndr from that one and leave the * as it is with ndr on. Would this be a bad idea?
Question by:Ducknaldi
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1

Expert Comment

ID: 21760235
See the following which talks about disabling NDR's:

If you disable NDR's, all outgoing will be disabled but you will still see incoming NDR's if you have a failed email sent out for example to another person.
If you still want a copy of the NDR's that would normally go out, then the best thing is to use "Send copy of non-delivery report to" and set it to something like
This way, if someone sends an email to a user that does not have an address (undeliverable) then you will receive a copy of this email. Very useful!


Expert Comment

ID: 21760290
First, disabling NDR will not get you blacklisted from my experiences, not disabling it can land you on a "backscatter" blacklist however due to volume of NDRs being sent out from your server during a spam session.

The one under internet format is for outgoing only. The only way to block NDRs from other companies would be to filter them out inside of exchange. I personally disable outgoing NDRs but I don't block incoming ones. This results in some of my users who are used as spoofing addresses to get some emails claiming they sent an email when they didn't but I just keep educating them on why that happens and they seem to be understanding of it.

As for adding your domain and leaving NDR off but leaving the default on, I personally would recommend disabling NDR all around. It can still land you on a backscatter list so you might as well avoid it all together from the get go.


Expert Comment

ID: 21760444
Good comment tsorensen55, makes a lot of sense.
I have had problems here with spoofed addresses and false NDR's coming in as well.
It's hard to get your head around for some people, trying to explain it!
This is something you can't do much about.

Ideally switching NDR's off is probably not best because they used to be quite useful, but now it seems to be unmanageable with the amount of spam emails being sent the server is put under such load!

(If anybody really wants to see if an email is delivered they can always use delivery receipts anyways)
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.


Author Comment

ID: 21760621
tsorensen55 I think I´ll award you the points, but tell me first.
How does anyone ever find out if I´m generating ndr´s or not.
I mean to find out if I´m doing that, these services would have to spam my mailserver with non-plausible mails or what?
If the server accepts an email, everything is fine.
But if the user does not exist and my server doesnt generate a ndr, then, at least in my logic, the sending part should do nothing further, because the mail didn´t bounce and everything should at least look fine to the sending part or what???
And by the way. How do you block incomming ndr´s?
I feel we can live without real ndr´s so I might as well block them all, to get rid of all those stupid mails comming in.
Can you do that in exchange og do I have to use a GFI product instead?

Author Comment

ID: 21761008
Hi Chrissmann

You are perfectly right there.
I use delivery receipts in very important mails anyway, so I might as well block all ndr´s completely, if possible.

Accepted Solution

tsorensen55 earned 250 total points
ID: 21761114
To find out if you are sending NDRs out simply send an email from an external account like hotmail etc to a bogus address inside of your organization ie send to if you receive a bounce back that the user doesn't exist in that organization from your corporate mail server than NDR is enabled.

If you have it turned off then you are correct, nothing happens once it finds out that there is no valid address there. As far as the sender is concerned the message went through and it does not resend.

As for blocking incoming, we use 2 barracuda devices in my organization so i'm not extremely familiar with the options inside of exchange. I'm researching it on a stock exchange server I have in my test bed and should know something here shortly on how to block it. In my cuda devices I would do a subject filter of emails containing "Undeliverable" or "Undelivered".

Expert Comment

ID: 21761409
I totally agree with using the delivery receipts as a source of verification. It is unfortunate that a simple function of communication letting you know something went wrong has turned into such an easy way to abuse mail servers and bandwidth. There have even been stints as of late where spammers are forging fake NDRs to try and slip by anti-spam techniques and it really makes me wish NDRs would just be removed/rewritten as a whole to avoid this sort of thing.

Author Closing Comment

ID: 31466162

Expert Comment

ID: 21980670
I've got a similar problem.  Ever since i changed my exchange server's rDNS to the same of the DNS i get 100 or so undeliverable messages a day.  All of them spam messages either using my email address as a spoof or using my server.

I have no idea what to do, maybe change the settings back to a non FDQN.

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question