No announcement yet.

User is receiving NDR emails!

  • Filter
  • Time
  • Show
Clear All
new posts

  • User is receiving NDR emails!

    Hi Folks,
    A user is receiving NDR emails, whereas she has never sent any email to [email protected]. But keeps on receiving NDR. There is no other details mentioned with that NDR..

    Furthur Details:
    "The e-mail system was unable to deliver the message, but did not report a specific reason. Check the address and try again. If it still fails, contact your system administrator.
    < #5.0.0>"

    Basically how should I followup this issue to troubleshoot this? What r the possible aspects are there? If anyone can guide me it'll be highly appreciable...

  • #2
    Re: User is receiving NDR emails!

    This sounds like the by-product of a "Joe job". It is not uncommon for spammers and viruses to forge return email addresses. In that way the spammer's server does not have to handle bounce backs and the virus sender gets a little less visibility. It's not something you have a lot of power over.

    This sort of thing helps

    Look at setting up SPF or sender ID DNS record that allow recipients to drop mail purporting to be from you but not sent from one of your named mailservers. This will make your domain less attractive to spammers and hopefully some of the virus based chatter will get dropped rather than bounced.

    Set your own machine to honour SPF / Sender ID (don't ask people to do stuff that you are not prepared to)

    If email that has been accepted by your mail server is tagged as spam/viral quarantine it and sent notification forward to the user - Do Not send failure back down the (often forged) return path.

    Ideally reject spam at your mail system boundary before you accept it. The best place for spam is blocking up the sender's mail server. This also releases you of any return path obligations. If you didn't take the mail from the sending mail server then it is up to them not you to inform the sender of failure (this cuts down the amount of backscatter from viral/spam with forged addresses.

    Remember email is a lot like paper mail. The sender address is whatever you want to write on the back!

    Also as a mail admin you have a duty to inform the sender of any mail that you have accepted form another server if you drop it. If you quarantine email you should always pass notification froward (either the sender or the recipient MUST know in the event of non delivery) Email can not be trusted if mail admins just drop stuff at will.

    Golden rule Do not accept mail unless you are prepared to
    1. Deliver it
    2. Quarantine it any inform the recipient
    3. Tell the sender if you block it
    As number 3 is the issue here then (once again with feeling) do not accept (or let your ISP accept on your behalf) mail that you intend to reject or drop as part of further processing!


    Note initial sender ID spec is broken and interferers needlessly with SPF make sure you get a DNS record that plays well with both MS was warned about the issue (They give incorrect SPF information as part of there spec and were warned about it before publication. This is one example of MS not playing nicely with others and is grist to the anti-MS brigade. Unfortunately it is deserved in this case)
    Last edited by RMortimer; 9th October 2008, 09:36. Reason: Additional info


    • #3
      Re: User is receiving NDR emails!


      Thanks alot for this useful reply....It is working now...Thank you very much...