Receiving invalid NDR bounces?
You're not the only one.
If you are receiving “bounce back” messages from emails you know you didn’t send, please read the following:
- If you are not on RESTECH’s email security system, please contact Jeff@restech.net for information on how to protect your organization from email-borne security threats and annoyances.
- If you are a current subscriber, we will need your authorization to apply a filter that blocks these attacks. The downside is that ALL NDR messages are quarantined or dropped depending on your filter choices.
You will not receive any notices of bad email addresses when this filter is applied.
Click Quarantine to authorize us to apply the filter that quarantines your NDR messages.
Click DROP to authorize us to apply the filter that drops all your NDR messages.
Here’s some background: Spammers have increased their use of "spoofing" or "joe-jobbing" (falsifying the "From" address of an email) in the last few weeks, resulting in some users receiving an increased number of bounce messages for mail they did not send. Postini captures the majority of NDRs when the bouncing server preserves the original spam content.
What’s an NDR?
A non-delivery receipt (NDR) is a message that a mail server sends to notify the sender when a problem occurs with delivery.
For example, if you type a recipient's address incorrectly, the receiving server might send you a message that looks similar to this:
Undelivered Mail Returned to Sender
Your message did not reach some or all of the intended recipients.
Subject: Report update
The following recipient(s) could not be reached:
webmmaster@jumboinc.com on 03/15/2008 11:09 PM
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
Types of normal NDR messages include:
- User unknown: The recipient's address doesn't exist on the receiving server, and the message is bounced
- Server resources are unavailable; for example, the recipient's mailbox is full
- Auto-reply vacation or out-of-office messages
- Auto-reply list server or mailing list responses
NDR spam: Why am I receiving an NDR for a message I didn’t send?
NDRs are a normal part of email exchanges, but spammers' activities can cause spikes in NDR activity. Spammers send junk messages to thousands of email addresses, some of which exist and some of which do not. To give the appearance that their messages are legitimate, spammers use a practice called "spoofing," whereby they manipulate the "From" address to use a real domain or sender.
When a spammer sends email to an invalid address, the receiving mail server sends an NDR message to the "From" address, rather than to the actual sending server. Because spammers spoof common addresses, such as sales or info of well-known companies, these NDRs may be destined for your mail server.
The good news is that your message security service recognizes the spam content in an NDR, and blocks large numbers of these messages so they never reach your mail server.
Challenges and growth in NDR spam
NDR messages have two characteristics that can allow them to reach your inbox:
- Some mail servers do not follow standard protocol, sending only the header information in an NDR rather than the full content of a message. Without message content, the message security service may not be able to differentiate between an NDR generated by a spammer's message and a legitimate NDR generated by a message you sent.
- The mail servers that generate NDRs are legitimate senders. Therefore, blocking messages based on sender behavior would result in blocking valid email.
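One way to tell the two kinds of NDR apart without relying on spam content, shown as an added example (not RESTECH's or Postini's code): match the Message-ID of the returned original against a log of mail your own server actually sent. The `SENT_IDS` log, the function names and the sample bounces are constructed assumptions.

```python
from email import message_from_string, policy

# Assumption: Message-IDs our outbound server logged for mail it really sent.
SENT_IDS = {"<a1@example.com>"}

def classify_ndr(raw, sent_ids=SENT_IDS):
    """Return 'ours', 'backscatter' or 'unknown' for one raw bounce message."""
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original message returned
            original = part.get_content()
        elif ctype == "text/rfc822-headers":   # only the original headers returned
            original = message_from_string(part.get_content(), policy=policy.default)
        else:
            continue
        msg_id = original["Message-ID"]
        if msg_id is None:
            return "unknown"
        return "ours" if str(msg_id).strip() in sent_ids else "backscatter"
    return "unknown"                           # nothing of the original came back

def build_ndr(returned_type=None, msg_id=None):
    """Constructed sample bounce in multipart/report layout (not real traffic)."""
    lines = [
        "From: MAILER-DAEMON@mx.example.net",
        "To: info@example.com",
        "Subject: Undelivered Mail Returned to Sender",
        "MIME-Version: 1.0",
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b"',
        "",
        "--b",
        "Content-Type: text/plain",
        "",
        "The e-mail account does not exist.",
    ]
    if returned_type:
        tail = ["", "body"] if returned_type == "message/rfc822" else []
        lines += ["--b", f"Content-Type: {returned_type}", "",
                  f"Message-ID: {msg_id}", "Subject: Report update"] + tail
    return "\n".join(lines + ["--b--", ""])
```

A headers-only bounce is still classifiable this way because the Message-ID survives; a bounce that returns nothing of the original stays `unknown` and has to be handled by policy, such as the quarantine or drop filter.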
Another challenge is that the growth in NDRs is driven by the overall growth in spam activity. The more messages spammers send, the greater the number of spam messages sent to invalid addresses, resulting in more NDRs.
Customers of the message security service are not any more susceptible to NDR spam than other email users. Spammers try to use legitimate domains and user names, and they may coincidentally use those of message security customers.
Let RESTECH’s email security system get rid of the email-borne security threats and annoyances today: contact Jeff@restech.net.