Re: Spoof Mail I think




John Bouley <spamjabouley@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I am having a similar problem. I just posted in another thread... I
think. When I saw this thread I had to comment.

So if I understand what is going on, a Spammer is sending mail to
other mail servers

.....pretending to be from you@xxxxxxxxxxxxxx , yes.

and they are sending unsolicited NDR's back to our
mail server.

I don't know what an unsolicited NDR is, but it's an NDR because the spammer
probably sent to a bunch of bogus addresses.

Even if our server was checking Sender ID the NDR's
would still come in since it is coming from a legitimate mail server.
Right?

Yes. It's just inbound e-mail to you@xxxxxxxxxxxxxxx

In that case why can't Exchange 2003 reject the NDR's if it
determines that they are unsolicited? Shouldn't it be smart enough to
know that the user did not send a message to that domain within a set
period of time? Am I missing something?

I don't know why it *can't*, but it *doesn't*. To your Exchange server, this
is just inbound mail - it doesn't look at it as an NDR. It doesn't match up
with a previously sent outbound message - that would be pretty much
impossible logistically. The NDR is up to the server that generates it.

Thanks,
John
"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:OlH0YZ1kIHA.1280@xxxxxxxxxxxxxxxxxxxxxxx
Mark Lasky <MarkLasky@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Thanks Lanwench for your help.....

Mark

No prob. This situation sucks, but we all have to deal with it.


"Lanwench [MVP - Exchange]" wrote:

Mark Lasky <MarkLasky@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I run a SBS 2003 server for an accounting office. A number of
times a week users get an email telling them their message did
not get delivered. They never sent any of those messages they
are getting bounced back to them. I believe it is some type of
mail spoofing but I am not sure. Here is some of the source
detail that one of the users got back. The interesting thing is
that my users name is Rick Smith and his email is rick@xxxxxxxx
but if you look below rick@xxxxxxxx has the name bran gopinath
affixed to that email address. That is not the name of the real
rick@xxxxxxxx. Here is the source detail that we got bounced back
to our user Rick. None of this was ever sent from our server. Can
anyone shed some light on this? I would greatly appreciate it.

Mark


<snipped for length>

Your senders have been spoofed by spammers. Outside of deleting the
bogus NDRs, there's really nothing you can do about this. You can
add an SPF record to your domain but that won't help if the people
who run the other mail servers don't use/respect them.
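
John's question in this thread, whether a mail server could tell a bounce for mail it really sent from one triggered by a spoofed sender, sketched as an added example (not part of the thread, and not something Exchange 2003 does). It assumes the server keeps a log of outbound Message-IDs and that the bounce follows RFC 3464 and returns the original headers; every address and ID below is constructed.

```python
import email
from email import policy

# Constructed sample: Message-IDs logged for mail our server really sent (assumed log).
SENT_IDS = {"<20080401.1001@example.org>"}

def make_ndr(orig_id=None):
    """Build a constructed RFC 3464 bounce; orig_id=None omits the returned headers."""
    parts = [
        "Content-Type: text/plain\n\nDelivery to nobody@example.net failed.\n",
        "Content-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mx.example.net\n\n"
        "Final-Recipient: rfc822; nobody@example.net\nAction: failed\nStatus: 5.1.1\n",
    ]
    if orig_id:
        parts.append("Content-Type: text/rfc822-headers\n\n"
                     f"From: rick@example.org\nMessage-ID: {orig_id}\n")
    body = "".join(f"--b1\n{p}" for p in parts) + "--b1--\n"
    return ("From: MAILER-DAEMON@mx.example.net\nTo: rick@example.org\n"
            "Subject: Undeliverable mail\nMIME-Version: 1.0\n"
            'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
            "\n" + body)

def original_message_id(msg):
    """Return the Message-ID from the returned original message or headers, if any."""
    for part in msg.iter_parts():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original message returned
            return part.get_payload(0)["Message-ID"]
        if ctype == "text/rfc822-headers":     # only the original headers returned
            hdrs = email.message_from_string(part.get_content(), policy=policy.default)
            return hdrs["Message-ID"]
    return None

def classify(raw, sent_ids):
    """Label an inbound message: not-dsn, unverifiable, genuine or backscatter."""
    msg = email.message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or str(msg.get_param("report-type", "")).lower() != "delivery-status"):
        return "not-dsn"
    mid = original_message_id(msg)
    if mid is None:
        return "unverifiable"   # the reporting server returned nothing to match on
    return "genuine" if str(mid).strip() in sent_ids else "backscatter"

if __name__ == "__main__":
    for label, raw in [("sent by us", make_ndr("<20080401.1001@example.org>")),
                       ("spoofed", make_ndr("<abc123@spammer.invalid>")),
                       ("no headers", make_ndr())]:
        print(label, "->", classify(raw, SENT_IDS))
```

The "unverifiable" result is the case where the reporting server returns no original headers, so the receiving side has nothing to match against.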


