Re: Question On Spam and Exchange 2003.

Going along with what you have said, i do not see how 3rd party anti-spam
software could sovle this problem either.
The email messages arriving at the users mailbox are from legitimate sources
with a legitimate message. They are NDR's from servers that could not deliver
the content either due to uknown recipient, or the content of the message was
sexual in nature. Why would a Spam filtering tool block a valid NDR message?
Short of the user changing their email address i'm at a loss of what to do.
Dont get me wrong, Changing of the email address is the last thing i want to
do but looking at the options offered i do not see how any of them will
reduce the Spam the users are receiving.
thanks
Blue.

"Bharat Suneja [MVP]" wrote:

- The problem is, even if you can detect the original sender (based on
message headers in the NDR), it's not going to be much help. If I spoof your
email addresses in header fields, there's little to be gained if you block
my ip address/smtp domain/addresses.

- Changing email addresses is a temporary solution at best, but it is
disruptive (recipients need to inform all contacts.... ).
- Generally after a change of email address most folks want to continue to
receive email on the old address, which clearly isn't advisable in this
case.
- Any change of email address(es) should be accompanied by user
self-discipline (if it's even possible) of not using work addresses for
anyhing other than work, and certainly not for filling out web forms or
subscribing to mailing lists/newsletters/newsgroups.
- If such spam is significantly disrupting user productivity, I would
seriously consider the third-party measures suggested in previous post.
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------------------------


"Bluehades" <Bluehades@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0132BBA4-244A-4644-BC10-ACD4F7DEFE77@xxxxxxxxxxxxxxxx
Thank you for your response.

The users receiving the messages are valid users in the Domain.
So in effect if the initial receiving Domain does NOT use SenderID, and my
Spam filter is not catching these messages, the users may actually be
forced
to change their email addresses? Is there no way to track down the sender
of
these messages, or is it assumed there could be thousands of infected
machines and the effort is not worth it?

"Bharat Suneja [MVP]" wrote:

- What you're seeing is "backscatter" - where addresses (valid or not)
from
your domain are used in the From: or Return-path fields by spammers, and
your users are receiving the resulting NDRs
- To drop backscatter/messages for accounts that don't exist, enable
Recipient Filtering and drop messages for recipients that don't exist in
AD
- Publish SPF record for your domain - if the domain receiving the
original
email (spam) uses SenderID, you get some degree of protection
- Exchange doesn't have any built-in mechanism to protect from
backscatter
(for existing/valid recipients). Look at third-party anti-spam filtering
software that does, like GFI Mail Essentials, appliances like Barracuda
or
IronPort, or filtering services like Exchange Hosted Filtering, Postini,
etc.

--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------------------------


"Bluehades" <Bluehades@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D2340D2D-C3E9-4141-A17D-27F22F344DB5@xxxxxxxxxxxxxxxx
Hello's
I'm living in spam Nightmare and need some help tracking down an errant
SMTP
engine that is wreaking havoc on users email accounts.
From the looks of things a users email address is being used by an
errant
smtp engine out there. The SMTP engine is sending out massive amounts
of
emails and specifying this users account as the "Return To Address".
Most of these emails are to addresses that dont exist, OR are returned
back
to the user due to the content of the Email. As such, the user's
mailbox
has
thousands of NDR's from remote mail servers.
This is some form of DNS as the user's email account is now un-usable.
What
is the best way to track down the sender (s) of these email messages,
and
has
anyone else experienced this problem?
many thanks
Blue.






.

Relevant Pages

  • Re: SMTP communication problem with the recipients email server
    ... Spam Filters such as Nemx Power Tools for Exchange 2000/2003 are able to ... Filtering is based upon RBL, ... The different recipients do they exist in the same domain as the one ...
    (microsoft.public.exchange.admin)
  • Re: Question On Spam and Exchange 2003.
    ... The users receiving the messages are valid users in the Domain. ... So in effect if the initial receiving Domain does NOT use SenderID, ... Spam filter is not catching these messages, the users may actually be forced ... Recipient Filtering and drop messages for recipients that don't exist in AD ...
    (microsoft.public.exchange.admin)
  • Re: Legal position selling a Sky Plus box
    ... Filtering on the headers and throwing away ... I used filtering with my previous Freeserve account and yes, ... did prevent Outlook Express from downloading too much SPAM. ... The problem escalated to the extent that I was receiving 200+ unwanted ...
    (uk.tech.tv.sky)
  • SPAM filter IMF
    ... Since yesterday the spam are not filtering buy IMF, ... change in my exchange but now i am receiving again spam. ...
    (microsoft.public.exchange.admin)
  • MSF antispam info
    ... Spam and fraudulent e-mail messages are major issues for computer users ... Exchange Server, and Microsoft Exchange Hosted Filtering. ... and personalized spam protection while reducing false positives. ...
    (comp.mail.misc)