question

BashCZ avatar image
0 Votes"
BashCZ asked BashCZ answered

User gets a lot of NDRs

Hello,
one of my users are getting tons of NDR and ask me if there is anything i can do about it.
These emails are marked as spam and are being sent to the users mailbox spam folder.

<randomrecipient@randomdomain.com>: host <ip address> said: 503 5.0.0
REJECT: FROM and AUTHENTICATED SENDER are different From:
myuser@mydomain.com Auth: spammeraddress@spammerdomain.com (in reply to end of
DATA command)

Its obvious, some bot is using his email address in reply-to field. Is there something i can do about it on the Exchange side? Using EOP as antispam solution.
Im about to suggest to a user to create an outlook rule to delete these messages .. i dont really want to create transport rule just for this one user.

Thank you

office-exchange-server-administrationoffice-outlook-itprooffice-exchange-server-mailflow
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AndyDavid avatar image
0 Votes"
AndyDavid answered AndyDavid edited

Yea, I would create an Outlook rule and see if that makes things better.
Alternatively, set Outlook in Safe Sender lists only or block by domain:
https://support.microsoft.com/en-us/office/block-or-allow-junk-email-settings-48c9f6f7-2309-4f95-9a4d-de987e880e46


EOP has backscatter protection - but maybe missing these ( assuming that is what it is)
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/backscatter-messages-and-eop?view=o365-worldwide

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

BashCZ avatar image
0 Votes"
BashCZ answered

Yea.. i suggested to create Outlook rule as well and told him, that these NDRs should eventually stop (either spammer is blacklisted or they will find another victim address soon enough).

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.