tourist08 asked:
Undeliverable emails

Hello. I was wondering if someone could give me some insight on the problem I'm having. I have a user that is receiving these undeliverable email messages in their inbox. The thing is, the user is not sending these emails. There is no indication in their Sent Items folder that the messages are being sent from their account. The environment is an SBS 2003 server with Exchange 2003, and the client is XP with Outlook 2003. I'm attaching the header and message of one of these emails. I'm thinking these are just spam emails trying to look like undeliverables, but I'd rather be sure and not end up on someone's blacklist. Here are the things I've tried already: scanned the user's computer for viruses, nothing came up; changed the user's password and ran Detect and Repair on Outlook. And they are still getting them.
Attachments: header2.txt, message2.txt
Bruno PACI:
Hi,

I think these NDR messages are not spam by themselves but are answers to spam sent by someone on the Internet who is using your users' email addresses as the sender of the forged messages.

This is a classical spoofing attempt to deliver spam:
The spammer connects to a computer somewhere on the Internet and starts to send forged e-mail messages. If the spammer used an absolutely random sender e-mail address in the forged messages, these spam emails would be easily refused by target SMTP servers if those servers check the existence of the sender mail domain and the sender mailbox...

So, usually spammers use real e-mail addresses to fill the sender field of their forged spam e-mails.

The result is that if the target server cannot deliver the spam, it will answer to the sender that is mentioned in the spam header. That's why you receive NDRs for e-mails you have never sent. This is just because your e-mail address is used by a spammer somewhere on the Internet.

Have a good day.
tourist08 (asker):
PaciB, so with your answer, I should not have to worry about my email server being blacklisted?
nole172:
YiHateu is correct. Someone is using your user's email address to send spam emails out. It is ridiculously easy to use someone else's email address as the sender's email address. That was a feature way back in the day when you might send an email from work but want a reply to go to your home email address, for instance. What that "feature" means is that it is very easy to spoof an email address. I can easily send you an email that appears to come from obama@whitehouse.gov.

There is really nothing you can do about it but tell the user to ignore those emails, or write an email filter to delete them or send them to a folder. I am assuming you would not want to give the user a new email address and disable the old one...

ASKER CERTIFIED SOLUTION: Bruno PACI
tourist08 (asker): Thanks for the help.
bryon44035v3:
You might consider setting up an SPF record. That tells the world "only these IP addresses are allowed to claim to be from us".

Most companies honor SPF records, and if someone from Norway sends an email claiming to be from your domain, it'll be rejected without sending an NDR to you.

It takes about 10 minutes to do, and is really easy:
http://old.openspf.org/wizard.html
Bruno PACI:
I don't think your email server will be blacklisted, because normally the blacklist managers ensure that spam is really sent from an SMTP server before including it in a blacklist.
In your case, it's SMTP domain spoofing. It is not your servers that send the spam, so you should not be blacklisted.

More and more companies add some SMTP tests before accepting an incoming e-mail. In your example, if the e-mail server of "sv01.nsc.no" had made a reverse DNS test, it would have refused the incoming spam because the IP address of the spammer's computer doesn't match the spoofed sender e-mail domain name "ourdomain.com".

Have a good day.
Bruno PACI:
By the way,
bryon4403 gave you good advice. You should ensure that you have already created your RDNS and SPF DNS records, because more and more companies make anti-spam tests, and if you want to be able to send e-mail to any company without being rejected by their SMTP server you should follow bryon4403's advice.

And of course you should share some EE points with him.
bryon44035v3: Points? What are points? :)
tourist08 (asker):
Sorry I jumped the gun on giving the points up, bryon44035v3, but PaciB did answer my question in its entirety. But you did provide additional information that will help me out, so if there's a way to give extra points let me know.
Hey bryon44035v3, would you mind helping me out with the SPF record, or should I start another post? I'm not sure in my situation if I have to set up multiple SPF records or if I can do it in one. My situation is this: we have about 6 domains hosted at GoDaddy, and the MX records point to our SBS 2003 Exchange server, which is hosted internally. So all the domains show up as coming from one IP, and that IP reverses to mail.ourmaindomain.com.
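The following is an added example, not part of the thread, illustrating both bryon44035v3's point (a receiver consults the sender domain's SPF record to decide whether the connecting IP may use that domain) and the asker's multi-domain question (each domain needs its own record, but they can all include: the main one). The DNS data is constructed to mirror the setup described above; domain names are the thread's placeholders and the IP addresses are hypothetical.

```python
import ipaddress

# Constructed DNS data for the thread's setup: several domains, all sending through
# one Exchange server. Names are the thread's placeholders; IPs are hypothetical.
DNS = {
    "ourmaindomain.com": {"TXT": "v=spf1 mx -all", "MX": ["mail.ourmaindomain.com"]},
    "mail.ourmaindomain.com": {"A": ["203.0.113.10"]},
    "ourdomain.com": {"TXT": "v=spf1 include:ourmaindomain.com -all"},
}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(client_ip, sender_domain, depth=0):
    """Simplified RFC 7208 check: may the connecting SMTP peer client_ip use
    sender_domain in MAIL FROM? Handles ip4 (with CIDR), a, mx, include, all."""
    if depth > 10:                  # RFC 7208 caps nested lookups
        return "permerror"
    record = DNS.get(sender_domain, {}).get("TXT")
    if not record or not record.startswith("v=spf1"):
        return "none"               # no policy published: nothing to reject on
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"             # mechanisms default to "+" (pass)
        if term[0] in QUALIFIER:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        target = DNS.get(arg or sender_domain, {})
        matched = mech == "all"
        if mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = str(ip) in target.get("A", [])
        elif mech == "mx":          # any A record of the domain's MX hosts
            mx_ips = [a for h in target.get("MX", []) for a in DNS.get(h, {}).get("A", [])]
            matched = str(ip) in mx_ips
        elif mech == "include":     # recurse; only a "pass" counts as a match
            matched = check_spf(client_ip, arg, depth + 1) == "pass"
        if matched:
            return QUALIFIER[qualifier]
    return "neutral"                # record exhausted without an 'all' term

def spf_records(primary_domain, mail_host_ip, other_domains):
    """One TXT record per domain: the primary names the server's IP, the others
    include: the primary so the address is maintained in a single place."""
    records = {primary_domain: f"v=spf1 ip4:{mail_host_ip} -all"}
    for domain in other_domains:
        records[domain] = f"v=spf1 include:{primary_domain} -all"
    return records
```

A spoofed message from an unrelated IP evaluates to "fail" against a "-all" record, which is what lets a receiving server reject it at SMTP time instead of accepting it and bouncing an NDR back to the forged sender.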