You may have noticed messages
in your inbox with the subject "Delivery Status Notification" or
"Returned mail: user unknown" that refer to recipients you don't
What’s an NDR?
A non-delivery receipt (NDR) is a message
that a mail server sends to notify the sender when a problem occurs with
For example, if you type a recipient's
address incorrectly, the receiving server might send you a message that looks
similar to this:
Undelivered Mail Returned to
Your message did not reach some or
all of the intended recipients. Subject: Report update
The following recipient(s) could
not be reached:
03/15/2008 11:09 PM
e-mail account does not exist at the organization this message was sent to.
Check the e-mail address, or contact the recipient
Types of normal NDR
User unknown: The
recipient's address doesn't exist on the receiving server, and the message is bounced
Server resources are
unavailable; for example, the recipient's mailbox is full
or out-of-office messages
server or mailing list responses
Why do I get
NDRs from mail that I do not send?
NDRs are a normal part of email exchanges,
but spammers' activities can cause spikes in NDR activity. Spammers send junk
messages to thousands of email addresses, some of which exist and some of which
do not. To give the appearance that their messages are legitimate, spammers use
a practice called "spoofing," whereby they manipulate the
"From" address to use a real domain or sender.
When a spammer sends email to an
invalid address, the receiving mail server sends an NDR message to the
"From" address, rather than to the actual sending server. Because
spammers spoof common addresses, such as sales or
info of well-known companies, these
NDRs may be destined for your mail server.
The good news is that your message security
service recognizes the spam content in an NDR, and blocks large numbers of
these messages so they never reach your mail server.
Challenges and growth
in NDR spam
NDR messages have two characteristics that
can allow them to reach your inbox:
Some mail servers do
not follow standard protocol, sending only the header information in an NDR
rather than the full content of a message. Without message content, the message
security service may not be able to differentiate between an NDR generated by a
spammer's message and a legitimate NDR generated by a message you sent.
The mail servers that
generate NDRs are legitimate senders. Therefore, blocking messages based on
sender behavior would result in blocking valid email.
Another challenge is that the
growth in NDRs is driven by the overall growth in spam activity. The more
messages spammers send, the greater the number of spam messages sent to invalid
addresses, resulting in more NDRs.
Customers of the message
security service are not any more susceptible to NDR spam than other email
users. Spammers try to use legitimate domains and user names, and they may
coincidentally use those of message security customers.