Spammers are always one step ahead of us, and they have launched a new attack using old tricks. Since we have wonderful spam filtering platforms like ExchangeDefender and Postini, spammers have to find a way to circumvent the filtering. The question a spammer likely asked: what’s a message that always gets through these platforms? The answer: non-delivery receipts (NDRs).
So if a spammer sends enough email using hundreds of thousands of spoofed email addresses, those messages are going to fail, and in turn an NDR is generated to the spoofed sender. One, two or three NDRs are not a problem, but two-hundred-plus NDRs in a user’s mailbox in less than an hour? Houston, we have a problem.
We have informed our clients about this issue and have given them the option to allow us to create filters that will quarantine these NDRs, while also informing them that the filters will quarantine good NDRs too.
We also informed them that, now more than ever, they need to verify they have the right email address, and if they have a critical email they should ask the recipient to reply or call to confirm receipt. If it’s extremely critical, they should just call the recipient to confirm receipt.
If you’re facing this issue and need a solution, we can implement a solid plan in two business days that will resolve this problem. We can be reached at (503) 489-2101 or contact us via our website.
ExchangeDefender has had a solution in place for the NDR issue for a while, and the solution is genius. Since ExchangeDefender provides an outbound SMTP server for your Exchange email, it watermarks all outbound email; inbound NDRs without the watermark are quarantined. What a great solution.
If you’re already using Postini, they have created a custom filter that will help cut down the volume of NDRs; see the Postini NDR filter.
Users of GFI’s Mail Essentials now have a new patch to help minimize this NDR traffic.
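The watermark check described above for ExchangeDefender can be sketched as follows. This is an added example, not ExchangeDefender's code: the header name `X-Outbound-Watermark`, the HMAC-over-Message-ID scheme and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from email import message_from_bytes, policy
from email.message import EmailMessage

WATERMARK_HEADER = "X-Outbound-Watermark"  # hypothetical header name (assumption)

def watermark(message_id: str, key: bytes) -> str:
    """HMAC tag binding a Message-ID to the outbound relay's secret key."""
    return hmac.new(key, message_id.strip().encode(), hashlib.sha256).hexdigest()[:32]

def stamp_outbound(msg: EmailMessage, key: bytes) -> EmailMessage:
    """Run on the outbound relay: tag every message that really left our server."""
    msg[WATERMARK_HEADER] = watermark(msg["Message-ID"], key)
    return msg

def original_headers(ndr):
    """Return the bounced message (or its headers) carried inside a DSN, if any."""
    for part in ndr.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return message_from_bytes(part.get_payload(decode=True), policy=policy.default)
    return None

def classify_inbound(raw: bytes, key: bytes) -> str:
    """Return 'not-ndr', 'deliver' or 'quarantine' for one inbound message."""
    msg = message_from_bytes(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return "not-ndr"  # ordinary mail goes through the normal spam filters
    orig = original_headers(msg)
    if orig is None or not orig["Message-ID"] or not orig[WATERMARK_HEADER]:
        return "quarantine"  # nothing to verify; this also catches some genuine NDRs
    expected = watermark(str(orig["Message-ID"]), key)
    ok = hmac.compare_digest(expected, str(orig[WATERMARK_HEADER]).strip())
    return "deliver" if ok else "quarantine"
```

An NDR that does not return the original headers cannot be verified and lands in quarantine, which is the same trade-off noted earlier: some good NDRs get caught too.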
Filed under: Spam
Just saw this post, and we recently had an outbreak of NDRs come thru. I temporarily disabled NDRs in Exchange for about 24 hours, then turned them back on. Seemed to do the trick, but it was very frustrating at the time. I’m creating a personal repository blog, and this was actually my second blog post. Thanks for your site.
Thanks for the comment.
This NDR attack is actually a little different than what you’re referring to. This is an attack where the client is receiving NDRs as a result of failed spoofed email, so the NDRs are being generated by hundreds if not thousands of mail servers across the world.
The attack you’re referencing is where a spammer hammers your server with mail, and for those users who don’t exist your server responds back with non-delivery receipts. You should take a look at some Exchange articles on sender filtering; it could help.
The best way to secure your server is by signing up for ExchangeDefender or Postini; it will provide perimeter protection for your server, provide additional antivirus scanning (6 engines) and serve as a mail failover in the event of server down, internet down or just maintenance restarts.
- Brian Williams
Yes, we were getting spoofed, and clients receiving NDRs in their inbox for spam they never sent. Have Sender Filtering enabled, and a perimeter protection in place….Spammers Suck.