Solved

Phantom Email Returns

Posted on 2009-05-08
2
324 Views
Last Modified: 2013-11-30
Occassionally I get non-deliverable notifications of emails that I did not send OR that are addressed to a bogus mailbox in my domain.  My SMTP is NOT an open relay.  Is this the result of a failed attempt to relay or is this something I should be concerned about?

THanks~
0
Comment
Question by:Bob Schneider
2 Comments
 
LVL 23

Assisted Solution

by:Stacy Spear
Stacy Spear earned 100 total points
ID: 24336623
Spammers at work, as long as the server reporting the NDR isn't yours, you are good.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 400 total points
ID: 24336680

It's called Backscatter, and generally caused by someone (a spammer) spoofing e-mail addresses (they send as your address / domain). The trouble is it's really really easy to do that, SMTP is really rather insecure.

You can help with this to an extent by implementing an SPF record for your domain. That allows you to state which servers are allowed to send mail as your domain name. It will only help to an extent though, not everyone checks the record, and if they don't they have no way of telling a message is spoofed.

There are wizards to help you make SPF records here:

http://www.openspf.org/

And here:

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

If you happen to be using Exchange 2007 it is also possible to construct Transport Rules which can tag outbound mail to prevent Backscatter. Then further rules can be configured to drop Inbound Non-Delivery Reports unless the tag is included (which it would be if the message header).

Chris
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
Read this checklist to learn more about the 15 things you should never include in an email signature.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question