MX Messaging Resources

Welcome to MX Messaging Resources Sign in | Join | Help

Home

Blogs

Forums

Downloads

MX Messaging Resources » MxToolBox » Ask MXToolbox » NDR's from spoofed Email

NDR's from spoofed Email

Last post 08-13-2008, 5:38 PM by Wendy. 5 replies.


	Sort Posts: Previous Next

04-17-2008, 10:05 AM 1986

Anonymous

NDR's from spoofed Email

Reply Quote

Hi,

Some of our users are getting a lot of NDR's sent to them because their address has obviosuly been used as a spoofed sender for Spam.

Since these are legitimate emails they are not being blocked by Spam filters etc.

Does anyone have any thoughts on the best way to stop this.

Thanks

04-17-2008, 10:27 AM 1987 in reply to 1986

Peter LeBlond
Joined on 02-01-2007
Posts 80

Re: NDR's from spoofed Email

Reply Quote

You can read my previous response here: http://mxtoolbox.com/cs/forums/post/1536.aspx, but unfortunately there's not too much you can do as an end user.

Some larger solutions have a little luck by being able to see a huge volume of traffic. By analyzing traffic patterns they can detect backscatter and do something about it before the connections make it to your mail server. We do offer services like this for businesses and you can get more information by contacting sales@mxtoolbox.com

Peter
Product Development Engineer
peter@MXToolBox.com
512-637-8762

Report abuse

04-22-2008, 9:04 AM 2066 in reply to 1987

Anonymous

Re: NDR's from spoofed Email

Reply Quote

I have got exactly this problem right now. For the past two days I have received about 2000 NDR emails as my email address has been spoofed by Russian and Korean spammers (amongst others). I changed my email server password to check if my smtp server was actually sending the mails, but it is not - I have simply been used as the "reply to" address. I can think of no way to stop this other than to close down my address and use a new one. Very drastic and incredibly annoying but what else is to be done?

04-22-2008, 9:18 AM 2068 in reply to 2066

Peter LeBlond
Joined on 02-01-2007
Posts 80

Re: NDR's from spoofed Email

Reply Quote

I would strongly recommend against doing anything as drastic as that. These attacks are usually short lived and you can find your inbox again by writing a pretty simple filter that looks for NDR wording and tossing those messages into a folder for a short term solution.

For a long term solution, if you do not already have a managed perimeter defense around your mail server, it is time to look at getting one. We offer services from many different vendors and our own in house solution as well. If you have any more questions, please give us a call or send a message to sales@mxtoolbox.com to see what is available.

Peter

Peter
Product Development Engineer
peter@MXToolBox.com
512-637-8762

Report abuse

08-11-2008, 9:47 AM 10993 in reply to 2068

Anonymous

Re: NDR's from spoofed Email

Reply Quote

I have the same issue, was told by Microsoft FrontBridge support to create an SPF record with the company hosting DNS for my domain. Am in the process of doing this now, hope it helps. Here's a good link with instructions:

http://old.openspf.org/index.html

08-13-2008, 5:38 PM 11014 in reply to 10993

Wendy
Joined on 09-26-2007
Austin
Posts 104

Re: NDR's from spoofed Email

Reply Quote

This is a great site for creating an SPF record: http://old.openspf.org/wizard.html, we often recommend it for our clients as well. However, if you are not certain of all the places that are able to send mail on your behalf (fax machine, 3rd party services, websites etc) it can cause problems.

Another great wizard is available from Microsoft at http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/.

We would not recommend implementing an SPF if you are intensely aware of your network infrastructure as an improperly configured SPF record can have drastic affects on your mail flow.

Thank you,
Wendy

Wendy
MXToolBox Support
support@mxtoolbox.com

Filed under: spf record

Report abuse