Strange Emails

Posted on 2009-02-16
Last Modified: 2013-11-07
I have a user with Exchange and he is getting bounced-back emails (not real bounce-backs, but they look like it), and in the From it has our domain name and then the IP address, which is not our IP. He is getting this type of email often. Any ideas as to how and why this is happening?
Question by:bsmalleyscso

    Accepted Solution

    This is typical NDR spam - and there is unfortunately not much you can do about it. It works because a spammer sends lots of emails - claiming to be from your user(s) and to fake email addresses - to various mail servers over the Internet. These servers, who do not know who the fake recipients are, then create hundreds of NDR messages, bouncing them back to your user's mailbox because that is "apparently" the place where the mail came from.

    Just about the only way you should be able to stop this spam is by using SPF records to control what servers can send for your email domain. SPF will have some effect, but there will be plenty of smaller mail servers out there which spammers can use to "bounce" the mail off because such servers are often not configured with SPF enabled.

    To actually prevent the users getting the undeliverables, the best way I have found is to create an Outlook rule to delete messages with "Delivery Status Notification" in the subject (assuming that's the type of NDRs you're getting). The risk with this is that they will delete a legitimate NDR though. The servers being used by the spammers should really be configured not to send spam for domains and even recipients they don't know, but that obviously isn't going to happen. You could also just wait - because the spammers tend to hit hard, but then move on after a few hours / couple of days.
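The accepted answer notes that a subject-based delete rule can also discard a legitimate NDR. The following is an added example, not part of the original answer: it sorts NDRs by inspecting the headers of the bounced message that many NDRs carry, and calls an NDR backscatter only when no hop in those headers came from your own servers. `OUR_NETWORKS`, the function names and the `.example` sample messages are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: networks your own outbound servers send from (documentation range).
OUR_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

def embedded_original(ndr):
    """Return the bounced message (or just its headers) carried inside an NDR, else None."""
    for part in ndr.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_ndr(raw):
    """'legitimate' if a hop in the bounced message came from our networks,
    'backscatter' if none did, 'unknown' if the NDR carries no original headers."""
    original = embedded_original(email.message_from_string(raw, policy=policy.default))
    if original is None:
        return "unknown"  # nothing to judge by: keep the message
    for received in original.get_all("Received", []):
        for candidate in re.findall(r"\[([0-9a-fA-F:.]+)\]", str(received)):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # bracketed text that is not an IP address
            if any(ip in net for net in OUR_NETWORKS):
                return "legitimate"
    return "backscatter"

def sample_ndr(client_ip):
    """Constructed sample: a multipart/report NDR whose bounced headers name client_ip."""
    return (
        "From: postmaster@remote.example\nTo: user@ourdomain.example\n"
        "Subject: Delivery Status Notification (Failure)\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nDelivery to nobody@remote.example failed.\n"
        "--b1\nContent-Type: text/rfc822-headers\n\n"
        f"Received: from mail.ourdomain.example ([{client_ip}]) by mx.remote.example\n"
        "From: user@ourdomain.example\nTo: nobody@remote.example\nSubject: hello\n"
        "\n--b1--\n"
    )

if __name__ == "__main__":
    for ip in ("203.0.113.25", "198.51.100.77"):  # our server vs. a foreign one
        print(ip, classify_ndr(sample_ndr(ip)))
```

Received headers are not authenticated, so the check errs toward keeping a message: only an NDR with no trace of your servers is marked as backscatter, and one without embedded headers is left as `unknown`.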

