Different users suddenly get a ton of undeliverable mail from time to time. Their addresses are being spoofed. Is there anything I can do from my server to minimalize this? Or at least minimalize the undeliverable messages that are being "returned" to them? The source IP addresses the spoofed messages are being sent from aren't originating from my server at least. By the way, I'm running Exchange 2007 SP1 as well as Forefront.
anthony@necrofiends.com wrote: > Different users suddenly get a ton of undeliverable mail from time to > time. Their addresses are being spoofed. Is there anything I can do > from my server to minimalize this? Or at least minimalize the > undeliverable messages that are being "returned" to them? The source > IP addresses the spoofed messages are being sent from aren't > originating from my server at least. By the way, I'm running Exchange > 2007 SP1 as well as Forefront. This is happening to everyone....please read recent posts as well as googling. There's really nothing you can do about this other than tell users to delete the bogus NDRs (rather, the legit NDRs to the bogus mail).
"Lanwench [MVP - Exchange]" wrote: >anthony@necrofiends.com wrote: >> Different users suddenly get a ton of undeliverable mail from time to >> time. Their addresses are being spoofed. Is there anything I can do >> from my server to minimalize this? Or at least minimalize the >> undeliverable messages that are being "returned" to them? The source >> IP addresses the spoofed messages are being sent from aren't >> originating from my server at least. By the way, I'm running Exchange >> 2007 SP1 as well as Forefront. > >This is happening to everyone....please read recent posts as well as >googling. There's really nothing you can do about this other than tell users >to delete the bogus NDRs (rather, the legit NDRs to the bogus mail). Content filtering can reduce the number of those NDRs that are delivered to mailboxes, but there are lots of false-positives. It's really hard to separate the "real" NDRs from the backscatter. BATV can help, but it's far from trouble-free. -- Rich Matheisen MCSE+I, Exchange MVP MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm Don't send mail to this address mailto:h.pott@getronics.com Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
Rich Matheisen [MVP] wrote: > "Lanwench [MVP - Exchange]" > wrote: > >> anthony@necrofiends.com wrote: >>> Different users suddenly get a ton of undeliverable mail from time >>> to time. Their addresses are being spoofed. Is there anything I >>> can do from my server to minimalize this? Or at least minimalize >>> the undeliverable messages that are being "returned" to them? The >>> source IP addresses the spoofed messages are being sent from aren't >>> originating from my server at least. By the way, I'm running >>> Exchange 2007 SP1 as well as Forefront. >> >> This is happening to everyone....please read recent posts as well as >> googling. There's really nothing you can do about this other than >> tell users to delete the bogus NDRs (rather, the legit NDRs to the >> bogus mail). > > Content filtering can reduce the number of those NDRs that are > delivered to mailboxes, but there are lots of false-positives. Ayuh. > It's > really hard to separate the "real" NDRs from the backscatter. BATV can > help, but it's far from trouble-free. I don't know what BATV is....spill!
"Lanwench [MVP - Exchange]" wrote: >Rich Matheisen [MVP] wrote: [ snip ] >> It's >> really hard to separate the "real" NDRs from the backscatter. BATV can >> help, but it's far from trouble-free. > >I don't know what BATV is....spill! Bounce Address Tag Validation http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation http://mipassoc.org/batv/ http://mipassoc.org/batv/draft-levine-smtp-batv-01.html http://www.ietf.org/proceedings/04aug/slides/mass-6.pdf -- Rich Matheisen MCSE+I, Exchange MVP MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm Don't send mail to this address mailto:h.pott@getronics.com Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
Rich Matheisen [MVP] wrote: > "Lanwench [MVP - Exchange]" > wrote: > >> Rich Matheisen [MVP] wrote: > > [ snip ] > >>> It's >>> really hard to separate the "real" NDRs from the backscatter. BATV >>> can help, but it's far from trouble-free. >> >> I don't know what BATV is....spill! > > Bounce Address Tag Validation > > http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation > http://mipassoc.org/batv/ > http://mipassoc.org/batv/draft-levine-smtp-batv-01.html > > > http://www.ietf.org/proceedings/04aug/slides/mass-6.pdf Gracias. [I was kind of hoping it involved Bats. And TV. And a really cool stealth car. ]
"Lanwench [MVP - Exchange]" wrote: >Rich Matheisen [MVP] wrote: >> "Lanwench [MVP - Exchange]" >> wrote: >> >>> Rich Matheisen [MVP] wrote: >> >> [ snip ] >> >>>> It's >>>> really hard to separate the "real" NDRs from the backscatter. BATV >>>> can help, but it's far from trouble-free. >>> >>> I don't know what BATV is....spill! >> >> Bounce Address Tag Validation >> >> http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation >> http://mipassoc.org/batv/ >> http://mipassoc.org/batv/draft-levine-smtp-batv-01.html >> >> >> http://www.ietf.org/proceedings/04aug/slides/mass-6.pdf > >Gracias. > >[I was kind of hoping it involved Bats. And TV. And a really cool stealth >car. ] Sorry. There is another BATV, though: Batavia Television. Not as exciting as bats and TV but it does have the TV compnent. No car, and probably no excitement. -- Rich Matheisen MCSE+I, Exchange MVP MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm Don't send mail to this address mailto:h.pott@getronics.com Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
