Handling excessive amounts of Non-Delivery Reports

When you are flooded with NDRs, you can turn them off--in most cases.

When mass spam or virus mailings flood the Internet, many are sent with randomly generated addresses. When these e-mails invariably do not reach the destination mailbox, Exchange servers send a non-delivery report (NDR).

The NDR messages notify the sender that a message was not received. This seems like a useful feature, except that lately spammers and virus writers are spoofing the From fields of spam and contaminated e-mails, so the NDR goes to the spoofed address rather than to the real sender.

An example of the above situation occurred a few weeks ago when the MyDoom virus sent e-mails to randomly generated addresses with spoofed From fields and these addresses were bombarded with NDRs. This accounted for a large portion of Internet traffic created by the virus.

The solution to this problem is simply to turn the NDRs off. This is doable if you are running Exchange Server 2003 or 2000 (see KB article 294757). If you are still using Exchange 5.5, however, there are reports of a way to "Disable Automatic Replies to the Internet," but it doesn't actually stop NDRs from being sent. To compound this problem, Exchange Server 5.5 is in the "extended support phase," so no non-security fixes are available.

Turning the NDRs off actually violates RFC 821, so this seems to be a "between a rock and a hard place" sort of problem.

Beyond that, Microsoft's official position is that you should upgrade to Exchange 200x, but since this requires Active Directory installation, it is a non-trivial migration. If you, like many others, are still using Exchange 5.5, you might want to contact Microsoft to lobby for a fix to this problem, as more mass-mailing viruses are sure to strike.


This was first published in February 2004
