Re: Question On Spam and Exchange 2003.
- From: "Bharat Suneja [MVP]" <bharat@xxxxxxxxxx>
- Date: Tue, 10 Jul 2007 09:42:06 -0700
> They are NDR's from servers that could not deliver
> the content either due to unknown recipient, or the content of the message was
> sexual in nature. Why would a Spam filtering tool block a valid NDR message?
Take a look at the message headers in your NDR - not the headers of the NDR message but the body.
Here's one example:
Received: from s135.secure.ne.jp (port=13339 hello=megfhirbjnigc)
From: Albert Carter yhlxybwtpc@xxxxxxxxxxxxxxxx
To: blah@xxxxxxx
Return-Path: my address
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
------------------------------
"Bluehades" <Bluehades@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:240F7F60-D18A-499E-A514-2CD56B369581@xxxxxxxxxxxxxxxx
Going along with what you have said, I do not see how 3rd party anti-spam
software could solve this problem either.
The email messages arriving at the users mailbox are from legitimate sources
with a legitimate message. They are NDR's from servers that could not deliver
the content either due to unknown recipient, or the content of the message was
sexual in nature. Why would a Spam filtering tool block a valid NDR message?
Short of the user changing their email address I'm at a loss of what to do.
Don't get me wrong, changing of the email address is the last thing I want to
do but looking at the options offered I do not see how any of them will
reduce the Spam the users are receiving.
thanks
Blue.
"Bharat Suneja [MVP]" wrote:
- The problem is, even if you can detect the original sender (based on
message headers in the NDR), it's not going to be much help. If I spoof your
email addresses in header fields, there's little to be gained if you block
my ip address/smtp domain/addresses.
- Changing email addresses is a temporary solution at best, but it is
disruptive (recipients need to inform all contacts.... ).
- Generally after a change of email address most folks want to continue to
receive email on the old address, which clearly isn't advisable in this
case.
- Any change of email address(es) should be accompanied by user
self-discipline (if it's even possible) of not using work addresses for
anything other than work, and certainly not for filling out web forms or
subscribing to mailing lists/newsletters/newsgroups.
- If such spam is significantly disrupting user productivity, I would
seriously consider the third-party measures suggested in previous post.
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------------------------
"Bluehades" <Bluehades@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0132BBA4-244A-4644-BC10-ACD4F7DEFE77@xxxxxxxxxxxxxxxx
> Thank you for your response.
>
> The users receiving the messages are valid users in the Domain.
> So in effect if the initial receiving Domain does NOT use SenderID, and my
> Spam filter is not catching these messages, the users may actually be forced
> to change their email addresses? Is there no way to track down the sender of
> these messages, or is it assumed there could be thousands of infected
> machines and the effort is not worth it?
>
> "Bharat Suneja [MVP]" wrote:
>
>> - What you're seeing is "backscatter" - where addresses (valid or not) from
>> your domain are used in the From: or Return-path fields by spammers, and
>> your users are receiving the resulting NDRs
>> - To drop backscatter/messages for accounts that don't exist, enable
>> Recipient Filtering and drop messages for recipients that don't exist in AD
>> - Publish SPF record for your domain - if the domain receiving the original
>> email (spam) uses SenderID, you get some degree of protection
>> - Exchange doesn't have any built-in mechanism to protect from backscatter
>> (for existing/valid recipients). Look at third-party anti-spam filtering
>> software that does, like GFI Mail Essentials, appliances like Barracuda or
>> IronPort, or filtering services like Exchange Hosted Filtering, Postini, etc.
>>
>> --
>> Bharat Suneja
>> MVP - Exchange
>> www.zenprise.com
>> NEW blog location:
>> exchangepedia.com/blog
>> ----------------------------------------------
>>
>>
>> "Bluehades" <Bluehades@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:D2340D2D-C3E9-4141-A17D-27F22F344DB5@xxxxxxxxxxxxxxxx
>> > Hello's
>> > I'm living in spam Nightmare and need some help tracking down an errant SMTP
>> > engine that is wreaking havoc on users email accounts.
>> > From the looks of things a user's email address is being used by an errant
>> > smtp engine out there. The SMTP engine is sending out massive amounts of
>> > emails and specifying this user's account as the "Return To Address".
>> > Most of these emails are to addresses that don't exist, OR are returned back
>> > to the user due to the content of the Email. As such, the user's mailbox has
>> > thousands of NDR's from remote mail servers.
>> > This is some form of DNS as the user's email account is now un-usable. What
>> > is the best way to track down the sender(s) of these email messages, and has
>> > anyone else experienced this problem?
>> > many thanks
>> > Blue.
>>
>>
>>
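
The check suggested at the top of this reply (read the headers of the original message carried in the NDR body, not the NDR's own headers) can be automated; the following Python sketch is an added example, not part of the original thread. `OUR_MTAS`, the example.com/.net/.org addresses and the sample NDR are constructed assumptions; only the embedded Received line is taken from the post.

```python
import email
from email import policy

OUR_MTAS = ("mail.example.com",)  # assumption: names our outbound servers use

# Constructed sample NDR; the embedded Received line is the one quoted above.
SAMPLE_NDR = """\
From: postmaster@remote.example.net
To: user@example.com
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; blah@remote.example.net
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from s135.secure.ne.jp (port=13339 hello=megfhirbjnigc)
From: Albert Carter <yhlxybwtpc@spoofed.example.org>
To: blah@remote.example.net
Return-Path: <user@example.com>

--b1--
"""

def original_headers(ndr):
    """Headers of the message that bounced, taken from the NDR body."""
    for part in ndr.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":     # only its headers attached
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_ndr(raw):
    """Call an NDR backscatter when the bounced mail never passed our servers."""
    orig = original_headers(email.message_from_string(raw, policy=policy.default))
    if orig is None:
        return {"verdict": "unknown", "first_hop": None, "return_path": None}
    received = [str(v) for v in orig.get_all("Received", [])]
    ours = any(name in hop for hop in received for name in OUR_MTAS)
    return {"verdict": "genuine" if ours else "backscatter",
            "first_hop": received[-1] if received else None,
            "return_path": str(orig.get("Return-Path", ""))}
```

The host names in a Received line are whatever the sending side announced, so where the receiving server also records the connecting IP address, matching on your servers' addresses is the stronger test.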