user is getting undeliverable email reports about emails that he didn't send

Hello Experts,

We have Exchange 2016 with DAG in our network.
One of our users is getting undeliverable email reports about emails that he didn't send, and he is receiving 100s of emails in a day.

Appreciate any advice and suggestions.
cciedreamer Asked:
Seth Simmons (Sr. Systems Administrator) Commented:
sounds like someone is spoofing the sending address

do you have an SPF record in place in your public DNS?
that will help reduce it by specifying servers that are allowed to send for your domain so that if you own foo.com and your SPF record has a certain host for foo.com, someone who spoofs the address from somewhere else can't send the message because whatever is sending the message isn't in the allowed list in the SPF record

also check to make sure your domain is not on any blacklist as a result of the spoofing
0
Mahesh (Architect) Commented:
0
cciedreamer (Author) Commented:
Hi
We already have SPF in place

v=spf1 include:spf.emailfilteringserver.com -all

Note: I have replaced the email spam filtering server name with emailfilteringserver.com
0
Michelangelo (Consultant) Commented:
Non-Delivery Reports received about emails one did not send (i.e. backscatter) could be a side effect of forged spam emails. You can filter or reject it or, better, adopt some anti-backscatter logic such as Bounce Address Tag Validation. Only caveat is that BATV has not gone past RFC stage and, while adopted by many modern anti-spam engines, it may conflict with delivery of Out Of Offices email and some mailing list software.
0
cciedreamer (Author) Commented:
Is there a way I can create a rule on Exchange Server to prevent these NDRs from reaching users?
0
cciedreamer (Author) Commented:
There is no way to overcome this issue?
0
Michelangelo (Consultant) Commented:
Not really, IMHO: backscatter is made of machine-generated bounce emails. You can manage transport rules on your Exchange
- to prevent them from being delivered, but you would filter out legitimate bounces too, so you can't be proactive; you need to be reactive and keep updating rules.
- to prevent your Exchange from emitting backscatter, but you would have to fine-tune the logic you apply to your MXes
Best route would be to adopt a commercial product which does anti-backscatter, preferably a cloud service, as they are usually cheaper and allow you to scale at will.
Some ideas; they mostly come with a 30-day free trial so you can test if they deliver.
Cheapest should be
https://www.duocircle.com/blog/monthly-spam-filtering-service/
Other cloud services
https://mxguarddog.com/
https://www.comodo.com/business-security/email-security/antispam-gateway.php
https://www.spambrella.com/
https://www.spamtitan.com/spamtitan-cloud/
https://www.reflexion.net/

See also a previous question.
0
cciedreamer (Author) Commented:
We are using cloud-based Symantec Messaging Gateway; however, they do not have a solution to this issue.
0
Michelangelo (Consultant) Commented:
Good choice: I have experience with the virtual appliance version: it uses BATV to block backscatter.
Ask Symantec support if the cloud-based service which your organization is using has got BATV active. Most important, make sure you do not have an issue of stolen credentials for the account which is receiving NDRs.
0
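
To show how the BATV check mentioned in the comments above tells a real bounce from backscatter, here is an added example (not part of the original thread and not any vendor's code) that follows the `prvs` tag layout from the BATV Internet-Draft: the gateway signs the envelope sender on the way out and only accepts null-sender bounces whose recipient carries a valid, unexpired tag. The key, addresses and the 7-day lifetime are constructed assumptions.

```python
import hashlib
import hmac
import re
import time

# Constructed demo key; a real gateway keeps its signing key secret.
SECRET = b"constructed-demo-key"
# prvs=KDDDSSSSSS=local : key digit, 3-digit expiry day, 6 hex chars of MAC.
PRVS_RE = re.compile(r"^prvs=(\d)(\d{3})([0-9a-f]{6})=(.+)$", re.IGNORECASE)


def _day(now=None):
    """Whole days since the Unix epoch."""
    return int((time.time() if now is None else now) // 86400)


def _mac(key_digit, day3, address, secret):
    """First 3 bytes (6 hex chars) of HMAC-SHA1 over key digit, day and address."""
    msg = (key_digit + day3 + address).encode()
    return hmac.new(secret, msg, hashlib.sha1).hexdigest()[:6]


def sign(address, secret=SECRET, lifetime_days=7, now=None):
    """Return the tagged envelope sender (MAIL FROM) for an outgoing message."""
    local, domain = address.rsplit("@", 1)
    day3 = "%03d" % ((_day(now) + lifetime_days) % 1000)
    return "prvs=0%s%s=%s@%s" % (day3, _mac("0", day3, address, secret), local, domain)


def check_bounce(rcpt, secret=SECRET, now=None):
    """Classify the RCPT TO of a null-sender (MAIL FROM:<>) message."""
    local, domain = rcpt.rsplit("@", 1)
    m = PRVS_RE.match(local)
    if not m:
        return "reject: untagged"  # we never sent mail with this envelope sender
    key_digit, day3, mac, orig_local = m.groups()
    address = "%s@%s" % (orig_local, domain)
    expected = _mac(key_digit, day3, address, secret)
    if not hmac.compare_digest(mac.lower(), expected):
        return "reject: bad tag"
    # Day numbers wrap at 1000, so a large remainder means the tag is in the past.
    if (int(day3) - _day(now)) % 1000 > 500:
        return "reject: expired"
    return "accept: " + address
```

Only the envelope sender is tagged, so the visible From: header is unchanged; NDRs triggered by forged spam arrive addressed to the untagged address and are rejected before reaching the mailbox.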