What is NDR (Non-Delivery Report) Spam?

Root Folder
 What are NDRs?

Non-Delivery reports are messages sent back to the sender of the e-mail stating that their message did not reach the intended recipient. These reports are caused by invalid recipient e-mail addresses, large attachment sizes, RBL listed, etc. Microsoft Exchange tends to send out a log of NDR messages if recipient filtering is not turned on.

These NDR message come from valid mail servers to the address it believes sent the message. You can usually notice these messages pretty easily when you see a message from Mailer Daemon, Postmaster, or Administrator.

These messages don't necessarily go to the person who sent the message. They go to the person who's e-mail address was used to send the message. Someone doesn't have to use your server to send out a message from your e-mail address. They simply insert your e-mail address as their own when they set up their account.

What is NDR spam?

NDR spam occurs when a spammer uses your e-mail address to send out massive amounts of spam. In most cases your mail server has not been compromised, the spammer is usuing their own systems. When a message is bounced and triggers and NDR, the message gets sent to the e-mail address used to send the message, not to the server that sent the message. That means that someone using your e-mail address to send message can cause your inbox to be flooded with NDR message for e-mail you never sent.

How do I stop people from using my e-mail address?

The short answer is that you can't. Sending an e-mail with another person's e-mail address as the sender is as easy as sending out a letter and putting someone else's return address on the envelope. There are some new protocols, such as Sender Policy Framework (SPF), which give you a method of specifying which servers your mail can come from but it is only effective if the recipient's server supports it.

How do I prevent NDR spam?

It is very difficult to prevent NDR spam since the messages are coming from valid mail servers. The servers sending the messages are normally not known spammers, not on any blacklists, or not suspected as sending spam at all. The easiest way to prevent any future NDR spam is to change your e-mail address. The only other method is to try to create mail rules to delete messages with known words in the subject such as Undeliverable, or Bounced.

Add Feedback