NDRs (Non-Delivery Reports)


NDR spam: Why am I receiving an NDR for a message I didn?t send?


NDRs are a normal part of email exchanges, but spammers’ activities can cause spikes in NDR activity. Spammers send junk messages to thousands of email addresses, some of which exist and some of which do not. To give the appearance that their messages are legitimate, spammers use a practice called “spoofing,” whereby they manipulate the “From” address to use a real domain or sender.


When a spammer sends email to an invalid address, the receiving mail server sends an NDR message to the “From” address, rather than to the actual sending server. Because spammers spoof common addresses, such as sales or info of well-known companies, these NDRs may be destined for your mail server.



Undelivered Mail Returned to Sender


Your message did not reach some or all of the intended recipients.


Subject: Report update


The following recipient(s) could not be reached:


webmmaster@jumboinc.com on 03/15/2008 11:09 PM


The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.


Another challenge is that the growth in NDRs is driven by the overall growth in spam activity. The more messages spammers send, the greater the number of spam messages sent to invalid addresses, resulting in more NDRs.


We highly recommend that anyone running a corporate email server invest in top-of-the-line Anti-spam technology.  It will pay off a thousand fold in the long run.  Most good anti-spam solutions do a reasonable job of limiting the impacts of NDR spam attcks.  But almost all still will allow a sender to try quite a few bad recipients before shutting them down. 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s