Why am I receiving hundreds of delivery failure reports for a message that I did not send?

When a spammer sends out spam mail, they like to use a legitimate "from" e-mail address in order to enhance the legitimacy of the e-mail.  These e-mail addresses are harvested from  Web pages where your address is listed, or by using a virus or a worm on an infected computer to retrieve all the e-mail addresses stored on a computer.  Spammers also use these address lists for the recipients of their spam; however, many of these addresses are not valid.  Improperly configured e-mail servers will accept and then "bounce-back" these spam messages to the sender (in these cases, the sender appears to be you) rather than reject the message because the user does not exist.  When a spam message has your e-mail address as the sender, you will be the unhappy recipient of hundreds, or possibly thousands of these bounce-back messages.

Unfortunately, there is nothing IT Services can do to prevent these bounce-back or delivery failure messages from reaching your mailbox, as the e-mail system is working as designed.   If we were to block delivery failure messages, you would not be notified of problems with your legitimate e-mail not being received by your intended recipient.

Internet standards bodies are currently working on developing ways of determining the difference between legitimate delivery failure messages and delivery failure messages caused by spam, as well as mechanisms to determine that the "from" field of a message is from who the message says it is from.  However, until a worldwide standard is developed and adopted, this will continue to be an issue that affects all internet users worldwide.


Print Article


Article ID: 9372
Mon 11/2/15 11:30 AM
Mon 10/4/21 1:14 PM

Related Articles (3)

Delivery failure report for the e-mail message that you did not send.
A set of extended status codes for use within the mail system for delivery status reports, tracking, and improved diagnostics. In combination with other information provided in the Delivery Status Notification (DSN) delivery report, these codes facilitate media and language independent rendering of message delivery status.
Explains why in some cases the Delivery Failure Report does not get generated instantly on failed delivery.