Solved

Phantom Email Returns

Posted on 2009-05-08
2
321 Views
Last Modified: 2013-11-30
Occassionally I get non-deliverable notifications of emails that I did not send OR that are addressed to a bogus mailbox in my domain.  My SMTP is NOT an open relay.  Is this the result of a failed attempt to relay or is this something I should be concerned about?

THanks~
0
Comment
Question by:Bob Schneider
2 Comments
 
LVL 23

Assisted Solution

by:Stacy Spear
Stacy Spear earned 100 total points
ID: 24336623
Spammers at work, as long as the server reporting the NDR isn't yours, you are good.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 400 total points
ID: 24336680

It's called Backscatter, and generally caused by someone (a spammer) spoofing e-mail addresses (they send as your address / domain). The trouble is it's really really easy to do that, SMTP is really rather insecure.

You can help with this to an extent by implementing an SPF record for your domain. That allows you to state which servers are allowed to send mail as your domain name. It will only help to an extent though, not everyone checks the record, and if they don't they have no way of telling a message is spoofed.

There are wizards to help you make SPF records here:

http://www.openspf.org/

And here:

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

If you happen to be using Exchange 2007 it is also possible to construct Transport Rules which can tag outbound mail to prevent Backscatter. Then further rules can be configured to drop Inbound Non-Delivery Reports unless the tag is included (which it would be if the message header).

Chris
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now