Receiving undeliverable email we did not send

Hi everyone,

One of our users keeps getting undeliverable email messages. It looks like someone out there is sending mail and making it look like it is coming from him. Is there any way to stop this? We are running Exchange 2007. I don't think it is relaying or a virus. It does this even when his PC is off. Thanks for your responses!

Answer Wiki


Spammers use your email return address to keep themselves from getting blocked. There is nothing you can do about this, unless someone figures out a way to handle the problem network-wide.

Bob here – This is also a technique used to spread viruses and spam in general. The fact that your email address gets used means that the infected machine belongs to someone who has emailed you at some time – and has your address in their list.

See this similar question and answers.

This is not necessarily a virus infection. It is called mail “spoofing”. The message appears to be sent by a user. The spammers use a combination of characters and send messages out as a “User”. Unless there is SMTP authentication security in place, you cannot do anything about it. – Symyuser

Discuss This Question: 19  Replies

 
  • Jlnewmark
    For more than a few years now, spam and viruses have been spoofing usernames to hide their tracks. The virus is almost certainly not on your user's computer. However, their name is in the address book of a computer that DOES have a virus. That virus randomly selects people out of the address book as the "sender," when it mails itself out -- obviously, if you knew who the REAL sender was, you'd let them know they have a virus and they could do something about it. If the problem is a spammer (you can usually tell from the content of the message), then that spammer is basically doing the same thing as a virus, except that he's bought a mailing list and your user is on it. Your user can get on any number of mailing lists in very innocuous ways: they had to register on a news site (NY Times, Wash Post, Wall St. Journal, LA Times all require registration just to read articles, for instance), or even with a business group or Chamber of Commerce. These companies all promise that they will only share your information with their "authorized business partners." Unfortunately, these business partners can ALSO share with THEIR business partners, and somewhere down the line, "business partner" becomes "whoever will pay me for the list." In both cases, the previous responder does have the bottom line -- you really can't stop these delivery failures for bogus emails without stopping delivery failures for ALL emails. Not a good idea. The one ray of light is that these things don't usually last more than a few days to a couple weeks at most. Then the virus is caught or goes inactive, or the spammer moves on to the next set of names on his list....
  • Bobkberg
    jlnewmark is pretty much on the button - I can't add anything to what he's said as far as describing the problem. However, as for people who use your own email address against you... There is also graylisting - which can use the sending IP address of the message (which cannot be spoofed). The idea behind graylisting is that much (sadly not all though) spam is sent as a one-time "broadcast", whereas legitimate senders will retry to send after some period of time. Another tactic is to make use of a blacklisting service (there are several) who try to keep up with the never-ending new sources of spam, and reject all email coming from them. If you're also willing to take the risk of blocking possible legitimate traffic, I've compiled a list of address blocks which are known to be in Asia, Europe, South America. Not a sure-fire thing either since the list is NOT comprehensive, but these can be filtered at your border router. Nothing secret about the addresses - it's all public information (www.iana.org), but there's another route for you. Bob
  • Ericcomputer
    Another possibility to avoid this (and other "spoofing" problems) is to set your mail server to do a Reverse-DNS check (RDNS) before accepting any inbound mail. Basically what this does is it checks the IP address that the message originated from using RDNS to see if it matches the "from" address (domain) of the sender (let's say for example the message has a "from" address of: user@company.com), and then your mail server will compare the result of the RDNS check (a domain name) to see if there is a match. If that IP address matches the IP address that the message came from (in the message headers), then the message will be accepted. If it does not match, it will be rejected, sometimes even without a non-delivery response. The problem with a lot of RDNS checking logic is that many companies (and ISPs) either do not have RDNS set up at all, or the RDNS address reports with the ISP's domain name, not the company that is utilizing that IP; therefore, legitimate mail could easily be rejected without notice. Microsoft Exchange has such a feature buried within the SMTP Virtual Server (or SMTP connector if you're using one) settings. Yet another method for checking and protecting against mail spoofing (or at least having YOUR domain spoofed) is to add an SPF (Sender Policy Framework) record to the zone file of your domain (usually done at the ISP level). You can read more about SPF records here: http://www.openspf.org/Introduction It is surprising how few domains have an SPF record defined... Good luck, --Eric
  • Jlnewmark
    The only problem with a reverse DNS check is that the domain from which the Delivery Failure is coming is almost certainly legitimate and "Mailer Daemon" or "System Administrator" from that domain is going to be a good address. Unless your reverse DNS will check back through all the steps to the origination of the message, at which point you will finally see the mismatch, I'm not sure this will help against delivery failures. It will certainly help against other spoofed emails.
  • TedRizzi
    This is a very common issue. Someone's computer is infected with a virus and is sending out spam, spoofing the sender's email address with your users' email addresses. It could even be one of your users' home computers or a business contact. The cure is simple: show your users where the delete key is on the keyboard. There is no way to prevent this from happening. If you have email content filtering software, you can create a filter to block it. Other than that, there is not much you can do.
  • No1pole
    I keep getting returned e-mail I did not send; it is not deliverable. Some are even in a foreign language. Is this a virus?
  • Firechief69
    How do I stop my Yahoo email sending out emails from my address book? Please tell me step by step. Most of my friends have the bug that my PC gave them. Help please, I have nobody to go to for help. Thanks. Alex
  • MelanieYarbrough
    Hi Firechief69, Please create a new thread for your question to ensure it gets answered by the community. Be sure to include the details necessary to help resolve your problem. Thanks, Melanie
  • Mimisina
    Received notice of undeliverable emails that I did not send. How can I trace the source? How can I put a stop to this?
  • MelanieYarbrough
    Hi Mimisina, Please begin a new thread for your question. Include as many details as possible, including what email service you’re using and the message being sent, if possible. Thanks! Melanie
  • rickbike
    I get these by the 100's every day to just one of my email addresses. I added this address only a month ago.
  • ToddN2000
    Check the date and time the email was supposedly sent. If they were sent off hours when you were not in the office, you may have a bot or a virus. Run a good antivirus program. Also, if you can, check the email header to verify the source and make sure it is coming from the address you expect. It could also be a phishing attempt to get you to open the email to see what went wrong.
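One way to do the header check suggested in the reply above, as an added example that is not part of the original thread: open the copy of the message returned inside the bounce and compare the connecting IP recorded by the bouncing server with your own outbound range. `OUR_OUTBOUND`, the function names and the sample bounce are constructed placeholders; it assumes the bounce carries the original as a `message/rfc822` part.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: the public range your own mail servers send from (placeholder).
OUR_OUTBOUND = [ipaddress.ip_network("203.0.113.0/28")]

# Constructed bounce; every host and address is a documentation placeholder.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: user@company.com
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; tom1@recipient.example
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from mail.company.com (unknown [192.0.2.66])
 by mx.recipient.example; Mon, 1 Jan 2024 03:12:45 +0000
From: user@company.com

Hello
--b1--
"""

def returned_original(bounce):
    """Return the copy of the offending message carried inside the bounce."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def triage(raw):
    """Classify a bounce by the IP the bouncing server saw the mail come from."""
    original = returned_original(email.message_from_string(raw, policy=policy.default))
    received = original.get_all("Received", []) if original else []
    # Top Received line is written by the bouncing server (assumed single hop).
    match = re.search(r"\[([0-9A-Fa-f:.]+)\]", str(received[0])) if received else None
    try:
        ip = ipaddress.ip_address(match.group(1))
    except (AttributeError, ValueError):  # no bracketed IP, or not a valid one
        return ("unknown", None)
    return ("sent-by-us" if any(ip in n for n in OUR_OUTBOUND) else "spoofed", str(ip))
```

A `spoofed` result means the message never passed through your servers, which matches the backscatter case described in this thread; `sent-by-us` is the result that warrants checking for a compromised account or an infected machine.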
  • Jules2k
    Delegation settings can be responsible for mail appearing to be sent from your account.
  • ToddN2000
    Something like this could be baiting you to click on it, like others with a subject line like "Your UPS package was undeliverable". You could set up a spam filter to weed these out by testing the subject for some text. That is what makes it so hard to stop things like this when you can spoof IPs, emails and phone numbers today...
  • Bhavitratech
    I checked my email yesterday and there were five emails that were undeliverable. I didn't send them. They went to different email addresses but looked the same (ex: tom1@, tom2@, tom3@, etc.). There was a .txt file that was attached to each one. I didn't open it. I've deleted the emails and scanned my computer with MSE and Malwarebytes. Neither one found any issues. 

  • Subhendu Sen
    It is better to change the password to a complex one and check whether that helps. Also, if possible, stop using email for the particular user or open his/her email from another system.
  • ToddN2000
    @Bhavitratech: Sounds similar to a bot. Not all antivirus programs will find them. Check out this link from PCWorld
  • TheRealRaven
    It's still most likely that there's nothing related to your system at all. The notices were routed to you simply because your e-mail address was used to send the items that were undeliverable. There's probably no malware to find because none exists on any system that you have access to. And there's nothing you can do to stop it.

    Probably.