Most Popular
Recently Added
Recently Updated

Non-Delivery Receipts, Joe Job's, Backscatter. I'm receiving email I did not send, why?

You may have noticed messages in your inbox with the subject "Returned email: user unknown." Because e-mail filters delete messages that come from nonexistent domains, spammers now prefer to make their messages look like they come from real e-mail addresses. As a result, we are seeing a major increase in bounce back type spam.

This FAQ describes trends associated with these types of delivered messages, called NDRs, and provides tips on how to reduce the volume of NDR spam.

What's an NDR?

A non-delivery receipt (NDR) is a message that a email server sends to notify the sender when a problem occurs with delivery. The terms "backscatter" and NDR are synonymous.

For example, if you type a recipient's address incorrectly, the receiving server will send you a message that looks similar to this:

Undelivered email Returned to Sender
Your message did not reach some or all of the intended recipients.
Subject: Report update
The following recipient(s) could not be reached: on 03/15/2008 11:09 PM
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.

Types of normal NDR messages include:


  • User unknown: The recipient's address doesn't exist on the receiving server, and the message is bounced
  • Server resources are unavailable; for example, "the recipient's email box is full"
  • Auto-reply vacation or out-of-office messages
  • Auto-reply list server or emailing list responses

Why am I receiving an NDR for a message I didn't send?

NDRs are a normal part of email exchanges, but spammers' activities can cause spikes in NDR activity. Spammers send junk messages to thousands of email addresses, some of which exist and some of which do not.

To give the appearance that their messages are legitimate, spammers use a practice called "spoofing," whereby they manipulate the "From" address using a legitimate domain or sender.

In this respect NDR messages will not cause your domain name to be "blacklisted," since the email is not being sent through your email account.

When a spammer sends email to an invalid address, the receiving email server sends an NDR message to the "From" address, rather than to the actual sending server. Because spammers spoof common addresses, such as sales or info of well-known companies, these NDRs may reach your email server unfiltered.   

The good news is that services like Spam Protector, and Spamassassin to a lesser extent, recognize the spam content in an NDR, and block large numbers of these messages so they never reach your email server.

Challenges and growth in NDR spam

NDR messages have two characteristics that can allow them to reach your inbox:

  • Some email servers do not follow standard protocol, sending only the header information in an NDR rather than the full content of a message. Without message content, spam blocking services may not be able to differentiate between an NDR generated by a spammer's message and a legitimate NDR generated by a message you sent.
  • The email servers that generate NDRs are legitimate senders. Therefore, blocking messages based on sender behavior would result in blocking valid email. 

Another challenge is that the growth in NDRs is driven by the overall growth in spam activity. The more messages spammers send, the greater the number of spam messages sent to invalid addresses, resulting in more NDRs. Below is an analysis of activity for a single account from 2006-2008: 

Why can't my service provider simply discard all bounce back like email so I never receive an NDR?

Your host cannot simply deny all bounced email. Doing so would result in your losing a number of required types of email, like over quota bounce backs, some email confirmation requests, legitimate email address typo bounces, among others. 

What can Spam Protector do to help me?

Spam Protector will block the majority of NDR spam messages, and ensures that legitimate NDR notifications reach your inbox. By default, Spam Protector is set with Non-Account Bouncing "on." This will further reduce the volume of invalid NDRs: With Non-Account Bouncing "on" Spam Protector will reject any messages addressed to recipients who don't have an account under your domain name. Therefore, this option helps stop invalid NDRs in two ways:

  • It stops NDRs for invalid users from reaching your email server. If an NDR is sent to a user that doesn't exist on your email server, the message security service bounces it before your server can accept it.
  • It prevents your email server from sending out invalid NDRs themselves. If the message security service receives a message addressed to an invalid user, it bounces it back to the sender, before your server can accept it and send an NDR. 

So what can I  do reduce the receipt of junk email?

1. Use less obvious email addresses to protect against "dictionary harvest
attacks." This will reduce the likelihood that spammers will forge your
email address and send junk email to you. For example, first initial, last
names, like "jsmith@" are less spammable than "joey@" or "sales@."
A little secret: The reason people report receiving fewer spam messages on
services like Yahoo and Hotmail is largely due to the randomness of the
addresses they force on their customers, and less so on the quality of their
email filters.

2. Are you inviting spam?
Junk email list distributors commonly gather email addresses by scanning search engines and web sites. Removing all text email addresses listed on web sites will reduce the number of junk email messages you receive daily. Start by Googling your email address.

3. Limit the use of autoresponders.
Active autoresponders are particularly tasty working addresses for spammers.
Autoresponders make it very easy for a would be spammer to send spam using
your email account. This is the one case where you may be held responsible
for the junk email sent through your account, and this could result in your
server becoming blacklisted respectively.

4. Turn off or disable your default or catchall email address.
A catchall email setting allows delivery of every randomly addressed email

5. Use quarantine solutions like Spam Protector and Spamassassin. Both service are
far more effective at reducing Joe Job style attacks and backscatter than
email without these filters.

6. If you have an account using the cPanel control panel, the email option
"Account Level Filtering" may be used as your own personal email firewall,
to discard incoming bounces with common header or body text, like "no user
here" bounce backs.

7. Check your email software filters/rules. These may likewise be helpful in discarding or
redirecting NDRs direct to trash. Please see your software's manual for


Other Links:

Properties ID: 000123   Views: 5876   Updated: 13 years ago
Filed under: