user is getting undeliverable email reports about emails that he didn't send

Hello Experts,

We have exchange 2016 with DAG in our network.
One of our user is getting undeliverable email reports about emails that he didn't send and he receiving 100s of emails in a day.

Appreciating any advise and suggestions
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Seth SimmonsSr. Systems AdministratorCommented:
sounds like someone is spoofing the sending address

do you have an SPF record in place in your public DNS?
that will help reduce it by specifying servers that are allowed to send for your domain so that if you own and your SPF record has a certain host for, someone who spoofs the address from somewhere else can't send the message because whatever is sending the message isn't in the allowed list in the SPF record

also check to make sure your domain is not on any blacklist as a result of the spoofing
cciedreamerAuthor Commented:
We already have SPF in place

v=spf1 -all

Note: I have replace email spam filtering server name with
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Non-Delivery Reports received about emails one did not send (i.e. backscatter) could be a side effect of forged spam emails. You can filter or reject it or, better, adopt some anti backscatter logic such as Bounce Address Tag Validation. Only caveat is that BATV has not gone past RFC stage and, while adopted my many modern anti spam enginges it may conflict with delivery of Out Of Offices email and some mailing list software.
cciedreamerAuthor Commented:
Is there way I can create rule on Exchange Server to prevent this NDRs reaching to users ?
cciedreamerAuthor Commented:
There is no way to overcome this issue ?
Not really IMHO: backscatter is made of machine-generated bounce emails, you can manage  transport rules on your exchange
- to prevent them from being delivered, but you would filter out legitimate bounces too, so you can't be proactive, you need to be reactive and keep updating rules.
- to prevent your exchange from emitting backscatter, but you would have to fine tune the logic you apply to your MXes
Best route would be to adopt a commercial product which does anti backscatter, preferably a cloud service as they are usually cheaper and allow to scale at will.
Some ideas, they come mostly with a 30 day free trial so you can test if they deliver
Most cheap should be
Other cloud services

See also a previous question.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cciedreamerAuthor Commented:
We are using Cloud based Symantec Messaging Gateway however Symantec but they do not have solution to this issue.
Good choice: I have experience with the virtual appliance version: it uses BATV to block backscatter.
Ask symantec support if cloud based service which your organization is using has got BATV active.Most important, make sure you do not have an issue of stolen credentials for the account which is receiving NDRs.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.