Handling excessive amounts of Non-Delivery Reports

The NDR messages notify the sender that a message was not received. This seems like a useful feature, except that lately Spammers and virus writers are spoofing the From fields of either Spam e-mails or contaminated e-mails.

An example of the above situation occurred a few weeks ago when the MyDoom virus sent e-mails to randomly generated addresses with spoofed From fields and these addresses were bombarded with NDRs. This accounted for a large portion of Internet traffic created by the virus.

The solution to this problem is to simply turn the NDRs off. This is doable if you are running Exchange server 2003 or 2000 ("see KB article 294757"). But if you are still using Exchange 5.5, though there are reports of a way to "Disable Automatic Replies to the Internet," it doesn't actually stop sending NDRs. To compound this problem, Exchange Server 5.5 is in the "extended support phase," so no non-security fixes are available.

Turning the NDRs off actually violates RFC 821, so this seems to be a "between a rock and a hard place" sort of problem.

Beyond that, Microsoft's official position is that you should upgrade to Exchange 200x, but since this requires Active Directory installation, it is a non-trivial migration. If you, like many others, are still using Exchange 5.5, you might want to contact Microsoft to lobby for a fix to this problem, as more mass-mailing viruses are sure to strike.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Exchange Security Tips Why you should secure Exchange 2007 using administrative policies Microsoft Exchange Server security dos and don'ts Create a journal rule in Exchange 2007 to secure journaling mailboxes How to protect an Exchange journaling mailbox from email spoofing Lock down Microsoft Outlook 2007 to prevent .PST file access Using Exchange Server journaling as an email-archiving solution Use the OWA Admin tool to 'segment' Outlook Web Access 2003 features Why are .PST files a security threat to Exchange Server mailboxes? OWA won't load after applying Exchange 2007 SP1 security patch Minimize remote and mobile Outlook Web Access (OWA) security risks Antispam Software and Spam Filtering Microsoft Exchange Server security dos and don'ts Troubleshooting Microsoft Exchange Server Event ID error 6009 How can I configure Exchange IMF to allow an IP address or DNS? Tool helps identify inbound Exchange Server email flow issues Exchange email sent to a domain using SPF authentication is returned Configure SMTP relay restrictions in Exchange Server 2003 to stop spam Secure Edge Transport servers using the Security Configuration Wizard Create a global Safe Senders List in Exchange 2007 to filter spam Migrating antispam settings from Exchange 2003 to Exchange 2007 The six-layered secret of effective Exchange Server email filtering Antispam Software and Spam Filtering Research Microsoft Exchange Server Non-Delivery Reports (NDRs) Troubleshooting Microsoft Exchange Server Event ID error 6009 A network connection problem or an offline server prevented delivery of the message Third-party tools that modify NDRs for oversized email SMTP 550 relay error when sending large attachments Not receiving email messages that have file attachments How to strip email attachments from Exchange NDR failure notifications Exchange Server error message: 'A non-delivery report with a status code of 5.4.0 was generated for recipient' How to select the mailbox account that sends Exchange NDRs 'You do not have permission to send to this recipient' errors AQADMCLI: Command-line SMTP queue management for Exchange Server RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary greylist  (SearchExchange.com) hash buster  (SearchExchange.com) image spam  (SearchExchange.com) KnujOn  (SearchExchange.com) Sender ID  (SearchExchange.com) spam confidence level  (SearchExchange.com) spamblock  (SearchExchange.com) spim  (SearchExchange.com) tarpitting  (SearchExchange.com) teergrube  (SearchExchange.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.