Delivery Failure Email

 I have a user who receives hundreds of "Delivery Failure" emails a day in his Outlook connected to Exchange Server. I thought it was going to go away after several weeks, but it has been continuing for more than 2 months.
  For now I created a new rule (every email where the subject has "Delivery Failure" goes to "Deleted\DeliveryFailure" folder) in his Outlook to put them away from INBOX.
  But I need to know how to stop this. The user's computer is virus-protected by Kaspersky and I ran AVG scan just to make sure it is NOT infected.

 Our Exchange server (SBS2010/Exch2010) is not being used to receive internet emails.
 We have a local ISP that is handling emails. So I am using MAPI Lab POP3 connector to pull new emails from each user's POP mailbox and to drop them into each user's exchange mailbox.

 Most of the email addresses that are in these emails are not real. Certainly the links in the body of the email are "fake". You can tell by just reading the URL. So I never clicked.

 I know that anyone can create a fake email all day long if they want to, but is there a way to stop this?

I'd change the password for the account with the issue.

If the problem is email spoofing (which it sounds like), you could set up an SPF record to try to stop the spoofing if that's the cause of this.

"The SPF is an open standard specifying a technical method to prevent sender-address forgery. SPF allows administrators to specify which hosts are allowed to send mail on behalf of a given domain by creating a specific SPF record (or TXT record) in the Domain Name System (DNS). Mail exchangers use DNS records to check that mail from a given domain is being sent by a host sanctioned by that domain's administrators."


Edward Cho, Managing Exciting Technology Things, Commented:
This is a strange setup but is there any reason why you aren't using the exchange to send/receive emails?

The only other suggestion I can think of right now (minus what you have already done) is to implement a 3rd party solution like Google's Postini. Your ISP may not be implementing things like SMTP Reverse DNS checks, which help prevent people from spoofing your email address/server.
Brad Groux, Senior Manager (Wintel Engineering), Commented:
I'd open a support request with your email provider, as this isn't an issue with Exchange or Outlook. Outlook is simply receiving the failure notice (as is Exchange as you aren't using it to actually send emails). Your email host should be able to verify via logs as to why the failures are occurring.

These sorts of errors can also occur when a host's IP address is blacklisted.

I would contact the ISP if they are hosting email for you. If the TO and FROM are just random email addresses for these undeliverables, then I am wondering if there is an open relay somewhere, or something similarly bad going on.
sglee (Author) Commented:
I changed the POP account password on the ISP server. As to creating SPF, I will discuss that with the ISP.
The owner wanted to use the ISP for incoming emails because, just in case the EXCH or SBS server goes down due to a failure, at least emails are still being received on the ISP's mail server; therefore, users can check new emails online if they need to or users can wait until the EXCH or SBS server is back in operation.
@Brad Groux
They have not been cooperative in resolving this kind of problem in the past, citing that "anyone can create fake emails and we can't stop that type of activity". Other users have experienced this from time to time, but they usually go away after a week or two. But it has been going on for more than 2 months for this user.
"If there is an open relay," --> if, in fact, there is an open relay, why is this happening to only one user account when there are 30 user accounts?
sglee (Author) Commented:
Since the new rule is in place (therefore, the user won't see these emails in his inbox at least) and I changed user's pop account password, I like to see how it goes in the next couple of days.
I will report back in a day or so.
Edward Cho, Managing Exciting Technology Things, Commented:
Try looking at McAfee SaaS Endpoint Protection. It allows users to use a web interface to send / receive email if the exchange mail service is down (and it resyncs with the exchange server once the connection returns).
Simon Butler (Sembee), Consultant, Commented:
Check this user isn't the "default" recipient for users who are unknown, either at the ISP or the POP connector.

sglee (Author) Commented:
After changing password for the account, the user is NOT getting those spam emails anymore.

Thanks for your help.

Question has a verified solution.
