Posted by Jeremy Scott in Uncategorized | 2 Comments
Why Do I Keep Receiving Non-Delivery Receipts for Messages I Didn’t Send?
Have you been getting a bit more spam lately? Yeah, we all have.
There’s a new kind of unwanted email that we’re all seeing a bit more of lately, called an NDR. NDR stands for Non-Delivery Receipt. It’s that error message you get telling you that a previous message you sent was unable to deliver. Only lately, many people been getting NDRs for messages they never actually sent.
So the email says something like “The message you sent to Steve could not be delivered because….” But you don’t know any Steve, and you never sent a message to Steve. So why are you getting this error?
Easy. It’s spoofing. We covered spoofing back in January, letting you know that messages you may receive that appear to come from yourself are just some hacker’s attempt to “spoof” your email address. Apparently, with a little ingenuity, you can make an email appear to come from whichever email address you wish.
It’s become a favorite tactic of spammers, because most Average Joe’s are more inclined to click on something or reply to an email if it’s coming from a sender they trust. So spammers started spoofing real emails to try and entice you to let your guard down. Having your email spoofed doesn’t in any way mean your computer or your server has been invaded or compromised by hackers. It just means someone (or some automated program) either guessed at your email address or scraped it off a website someplace where it was published.
So the new issue is that some of these messages the spammers are sending are going to email accounts that don’t exist–or at least don’t exist any longer. And that causes the email server to spit out an NDR back to the sender. And since the sender spoofed your email, you’re the one getting the NDR.
Postini–our preferred email filtering service–is actively pursuing a fix to this problem so that your inbox isn’t overflowing with NDRs. And we know that many of you currently have inboxes that are filled with NDRS because several of you have called us to ask what’s going on.
Rest easy. The fix is coming soon. Until then, you can just ignore the NDR–assuming it’s for a message you didn’t initially send.
Every time email and email filtering gets more sophisticated, the spammers respond by creating a new wrinkle in their tactics, resulting in a new kind of headache for you. Spam isn’t going away, folks. In fact, it’s only going to grow more prominent and more advanced. Thankfully, you’ve got us to help keep you informed–and hopefully you have a powerful professional spam filter like Postini, who are on the cutting edge of the technology used to fight the spammers.
If you’d like to learn more about Postini, you can do so here on our website.
We know the NDRs are annoying you–we’re getting them too. But it’s a temporary thing that will be sorted out soon enough. If you have specific questions, or if you think your NDR problem is not the same as what we’re describing here, feel free to shoot us an email or call our office and we’ll be happy to take a look.
This has happened to me several times. Being an attorney, I automatically start thinking about potential liability issues (to the point that I’m starting to annoy our IT admin.) So maybe you can answer: Have you had any information about liability claims against a legitimate email account owner whose account was “spoofed” in order to send a virus, or a very offensive message? Or is my IT Admin correct: I’m getting paranoid in my dotage!
Thomas,
While I can understand the concern, I don’t see any evidence online that spoofed email messages can lead to any kind of liability issue. It’s pretty much the same thing as someone spoofing your physical street address in a mailing. I would guess that there would have to be some legal proof that you knew in advance and neglected to stop it–which is impossible.
I’d go with your IT guy on this one.