NDR Message Spam

A

Andrew Hayes

One of our employees has just started receiving hundreds of NDR messages.

We use Exchange 5.5 for our mail server, with McAfee Groupshield as our
email anti-virus solution, and she is using Outlook 2003 as the client,
which is patched to the latest updates.

She gets about 5-15 of these per minute and it looks as though a spammer is
spoofing her email address so that all the NDR, Out of Office, User Not
Found, etc., messages from the people he is spamming are getting sent to
her.

I cannot figure out how to stop them. She is the only one with this problem.

Any ideas?
 
B

Brian Tillman

Andrew Hayes said:
One of our employees has just started receiving hundreds of NDR
messages. ....snip...
She gets about 5-15 of these per minute and it looks as though a
spammer is spoofing her email address so that all the NDR, Out of
Office, User Not Found, etc., messages from the people he is spamming
are getting sent to her.
Click to expand...

Typical. I think you've provided an accurate diagnosis.
I cannot figure out how to stop them. She is the only one with this
problem.
Click to expand...

Use a rule to delete them as they come in.
 
A

Andrew Hayes

Use a rule to delete them as they come in.

Thanks Brian. I had considered that, and I guess it would do as a temporary
solution, but there are so many variations on the responses she gets I would
need 20+ rules to get them all.

Is there a better way? Are these responses identified different from a
regular email? Maybe something in the email header?
 
A

Andrew Hayes

Well, I also added most of the TLDs and Language encoding to the Junk Mail
settings. We certainly don't get valid emails from .be, .ch, .ar, and the
like.

That should also cut down the number she's receiving.
 
B

Brian Tillman

Andrew Hayes said:
there are so many variations on the responses
she gets I would need 20+ rules to get them all.
Click to expand...

I find most NDRs contain fairly common strings so a few rules will catch
most of them. I also find that the sender address username set is fairly
limited as well (daemon, qmail, system, and postmaster are typical strings)
so a rule looking for a particular set of words in the sender address
suffices to catch most of them. I move them to a folder so I can scan the
subject lines before deleteing them just in case I catch something that's
not an NDR.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Messages showing in "Find related" but not in Conversation view 0
A couple questions BEFORE using Office 365 0
need help ASAP word 2016 recipient cant edit 0
Responder receives NDR from a meeting request 0
Responding to meeting request results in NDR about former employee 0
Response to meeting request results in NDR about a former delegate 1
Outlook hiding original message attachment in NDR 0
Duplicate pst, or is it? 1

Top