Delivery Failure Email

Posted on 2014-08-11
Last Modified: 2014-08-19
 I have an user who receives a hundreds of "Delivery Failure" emails a day in his Outlook connected to Exchange Server. I thought it was going to go away after several weeks, but it has been continuing for more than 2 months.
  For now I created a new rule (every email where the subject has "Delivery Failure" goes to "Deleted\DeliveryFailure" folder) in his Outlook to put them away from INBOX.
  But I need to know how to stop this. The user's computer is virus-protected by Kaspersky and I ran AVG scan just to make sure it is NOT infected.

 Our exchange server (SBS2010/Exch2010) is not being used receive internet emails.
 We have a local ISP that is handling emails. So I am using MAPI Lab POP3 connector to pull new emails from each user's POP mailbox and to drop them into each user's exchange mailbox.

 Most of email addresses that are in this emails are not real. Certainly the links in the body of email are "fake". You can tell by just reading the URL. So I never clicked.

 I know that anyone can create a fake email all day long if they want to, but is there a way to stop this?
Question by:sglee
    LVL 23

    Accepted Solution

    I'd change the password for the account with the issue.  

    If the problem is email spoofing (which it sounds like), you could setup a SPF record to try to stop the spoofing if that's the cause of this.

    "The SPF is an open standard specifying a technical method to prevent sender-address forgery. SPF allows administrators to specify which hosts are allowed to send mail on behalf of a given domain by creating a specific SPF record (or TXT record) in the Domain Name System (DNS). Mail exchangers use DNS records to check that mail from a given domain is being sent by a host sanctioned by that domain's administrators."

    LVL 3

    Expert Comment

    by:Edward Cho
    This is a strange setup but is there any reason why you aren't using the exchange to send/receive emails?  

    The only other suggestion I can think of right now (minus what you have already done) is to implement a 3rd party solution like Google's Postini.  Your ISP may not be implementing things like SMTP Reverse DNS check  which help prevent people from spoofing your email address/server.
    LVL 14

    Expert Comment

    by:Brad Groux
    I'd open a support request with your email provider, as this isn't an issue with Exchange or Outlook. Outlook is simply receiving the failure notice (as is Exchange as you aren't using it to actually send emails). Your email host should be able to verify via logs as to why the failures are occurring.

    These sorts of errors can also occur when a host's IP address is blacklisted.
    LVL 6

    Expert Comment

    I would contact the ISP if they are hosting email for you.  If the TO and FROM are just random email addresses for these undeliverables, then I am wondering if there is an open relay somewhere, or something similarly bad going on.

    Author Comment

    I changed pop account password on ISP server. As to creating SPF, I will discuss that with ISP.
    The owner wanted to use ISP for incoming emails because just in case EXCH or SBS server goes down due to a failure, at least, emails are still begin received on ISP's mail server; therefore, users can check new emails online if they need to or users can wait until EXCH or SBS server is back in operation.
    @Brad Groux
    They have not been cooperative in resolving this kind of problem in the past citing that "anyone can create fake emails and we can't stop that type of activity". Other users have experienced this from time to time, but they usually go away after a week or two. But it has been going on for month than 2 months for this user.
    "If there is a open relay ," --> if, in fact, there is open relay, why is this happening to only one user account when there are 30 user accounts?

    Author Comment

    Since the new rule is in place (therefore, the user won't see these emails in his inbox at least) and I changed user's pop account password, I like to see how it goes in the next couple of days.
    I will report back in a day or so.
    LVL 3

    Expert Comment

    by:Edward Cho
    Try looking at McAfee SaaS Endpoint Protection.  It allows users to use a web interface to send / receive email if the exchange mail service is down (and it resyncs with the exchange server once the connection returns).
    LVL 63

    Expert Comment

    by:Simon Butler (Sembee)
    Check this user isn't the "default" recipient for users who are unknown, either at the ISP or the POP connector.


    Author Comment

    After changing password for the account, the user is NOT getting those spam emails anymore.

    Thanks for your help.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    Use these top 10 tips to master the art of email signature design. Create an email signature design that will easily wow recipients, promote your brand and highlight your professionalism.
    Sometimes Outlook might have problems sending a message. There may be various causes- corrupted PST, AV scanner etc. The message, instead of going to the Sent Items folder, sits in the Outbox indefinitely. To remove it you can use a free tool cal…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    This video discusses moving either the default database or any database to a new volume.

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    25 Experts available now in Live!

    Get 1:1 Help Now