
NDR Spam attack

Posted on 2010-11-18
Last Modified: 2012-05-10
My client suddenly has 1 user receiving loads of these NDR's through:

----- Original Message -----
From: Mail Delivery System <Mailer-Daemon@dedic0.cmspanel.ru>
To: User
Sent: Thu Nov 18 06:16:08 2010
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

  info@yug-poliv.ru
    mailbox is full: retry timeout exceeded

Needless to say he didn't send the original message.

My client has good email hygiene - Reverse DNS is set up, SPF, not an open relay, Anti-Spam appliance, etc.

There are 0 queues in Exchange 2007 EMC.

How do I stop this? The majority are from .ru domains!
Question by:hongedit
Expert Comment

by:Ernie Beek
ID: 34162577
The problem could be in the fact that his email address is being spoofed by some spamming club/program. Though he did not send the original message, the receiving mail servers simply return the NDR to the sender address, the user's one.
There's not much you can do to prevent this from happening, even with the best email hygiene. If there's only one person out there (who has the user's email address) getting hit by a virus or similar, they could start using the user's (and all other found addresses) as fake sender addresses.
Author Comment

by:hongedit
ID: 34163141
So there's nothing I can do? He's now getting hundreds through every hour, it's insane!
Expert Comment

by:Ernie Beek
ID: 34163214
You could block NDR's at the server.
Author Comment

by:hongedit
ID: 34163218
But they need to be able to receive real NDR's :(

Crap.
Accepted Solution

by:Ernie Beek
ID: 34163323
It is...... One of the side effects of our modern communication technology.
Author Closing Comment

by:hongedit
ID: 34163328
Thanks....I'll have to find another workaround!
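
Added example (not from the thread or its participants): because the NDRs described above answer mail the user never sent, one triage heuristic that still lets real NDRs through is to check whether the message a bounce returns carries a Message-ID stamped by the organisation's own server. The host name `mail.client.example`, the function names and the sample bounces are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Assumption: hosts that stamp Message-IDs on the organisation's real outbound
# mail (placeholder value, not taken from the thread).
OUR_MESSAGE_ID_HOSTS = {"mail.client.example"}
MSGID_RE = re.compile(r"^Message-ID:\s*<[^@>\s]+@([^>\s]+)>", re.I | re.M)

def returned_message_id_host(raw_bounce):
    """Host part of the Message-ID of the message that a bounce returns."""
    bounce = email.message_from_string(raw_bounce, policy=policy.default)
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            text = part.get_payload(0).as_string()   # full returned message
        else:
            # Body only, so the bounce's own Message-ID header is never matched.
            body = part.get_payload(decode=True) or b""
            text = body.decode("utf-8", "replace")
        match = MSGID_RE.search(text)
        if match:
            return match.group(1).lower()
    return None

def classify_ndr(raw_bounce):
    host = returned_message_id_host(raw_bounce)
    if host is None:
        return "review"   # no returned headers to judge by
    return "genuine" if host in OUR_MESSAGE_ID_HOSTS else "backscatter"

def sample_bounce(message_id, embed="text/rfc822-headers"):
    """Constructed sample NDR that returns the original message's headers."""
    return (
        "From: Mailer-Daemon@mx.remote.example\n"
        "To: user@client.example\n"
        "Message-ID: <bounce1@mx.remote.example>\n"
        "Subject: Mail delivery failed: returning message to sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; boundary="b"\n'
        "\n--b\nContent-Type: text/plain\n\n"
        "mailbox is full: retry timeout exceeded\n"
        f"--b\nContent-Type: {embed}\n\n"
        f"From: user@client.example\nMessage-ID: <{message_id}>\n"
        "Subject: hello\n\n--b--\n"
    )

if __name__ == "__main__":
    for mid in ("abc123@mail.client.example", "f00@bulk.sender.invalid"):
        print(mid, "->", classify_ndr(sample_bounce(mid)))
```

A spammer can forge the Message-ID as well, and bounces that return no headers land in `review`, so treat the result as a triage signal rather than a verdict.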