Spammers May Use Exchange Against You!
Are you experiencing slow email deliveries? How about your Outbound Queues: are they full of NDRs (non-delivery notices)?
There is a new and sickening tactic that spammers are employing today. It’s called Reverse NDR spam, and it’s choking your Exchange Server. Currently, reports are coming in that nearly 30% of all spam is employing this technique. It works because it bypasses current filter technology.
Here is how it works. The spammer forges the intended recipient's address (the victim) in the From field of the e-mail, and puts a bogus recipient at the same domain in the To field. Because the bogus recipient does not exist, the Exchange Server sends an NDR (Non-Delivery Report) to the address in the From field. When that person opens the NDR, the body of the spam is there for the victim to read.
This extra activity puts more load on a busy Exchange Server, and can fill the queues very quickly with these bogus postmaster NDR messages. So how do you cope with this scheme?
To control NDRs in Exchange, there are two check boxes in the recipient filtering settings within the Message Delivery section in Global Settings. You can also disable all NDRs from your Exchange Server. Beware that some viruses may attempt the same behavior, so you should maintain up-to-date protection for all servers and workstations.
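As an added illustration (not code from the original post or from Microsoft), the sketch below classifies SMTP envelopes the way the scheme above is described: a message from outside the network that claims a local sender and targets a nonexistent local recipient is flagged, and `smtp_reply` shows the effect of refusing unknown recipients during the SMTP session so no NDR is generated. The domain, directory, networks and envelopes are constructed sample data, and it assumes the forged address is also the envelope sender (MAIL FROM), which is where an NDR is sent.

```python
import ipaddress

# Constructed sample data (assumptions for this example, not from the post).
LOCAL_DOMAIN = "example.com"
DIRECTORY = {"alice@example.com", "bob@example.com"}  # mailboxes that exist
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed SMTP envelopes: (client_ip, MAIL FROM, RCPT TO)
ENVELOPES = [
    ("203.0.113.7", "alice@example.com", "zzq81@example.com"),    # forged local sender
    ("203.0.113.7", "bob@example.com", "xk2@example.com"),        # forged local sender
    ("10.1.2.3", "alice@example.com", "typo@example.com"),        # internal user's typo
    ("198.51.100.9", "carol@example.org", "bob@example.com"),     # normal inbound mail
    ("198.51.100.9", "carol@example.org", "nobody@example.com"),  # ordinary bounce
]

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def classify(client_ip, mail_from, rcpt_to):
    """Return 'deliver', 'ndr' or 'reverse-ndr-suspect' (relay checks are out of scope)."""
    if domain(rcpt_to) != LOCAL_DOMAIN or rcpt_to.lower() in DIRECTORY:
        return "deliver"
    # Unknown local recipient: accepting it means an NDR goes to MAIL FROM.
    if domain(mail_from) == LOCAL_DOMAIN and not is_internal(client_ip):
        return "reverse-ndr-suspect"
    return "ndr"

def ndr_targets(envelopes):
    """Count, per local mailbox, the NDRs that suspect envelopes would deliver to it."""
    hits = {}
    for ip, sender, rcpt in envelopes:
        if classify(ip, sender, rcpt) == "reverse-ndr-suspect":
            hits[sender.lower()] = hits.get(sender.lower(), 0) + 1
    return hits

def smtp_reply(rcpt_to):
    """Mitigation: refuse unknown local recipients in-session, so no NDR is queued."""
    if domain(rcpt_to) == LOCAL_DOMAIN and rcpt_to.lower() not in DIRECTORY:
        return "550 5.1.1 User unknown"
    return "250 2.1.5 Recipient OK"

if __name__ == "__main__":
    for env in ENVELOPES:
        print(env, "->", classify(*env))
    print(ndr_targets(ENVELOPES))
```

A mailbox that accumulates many hits in `ndr_targets` is receiving spam through bounces rather than through the normal inbound path, which is why content filters on inbound mail do not see it.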
For more information on controlling NDRs in Exchange:
http://support.microsoft.com/default.aspx?scid=kb;en-us;294757