OZ-KBA-1015: “Delivery Notification Failure” Spam

This KB will explain:

• What are these Notifications?
• Why am I getting them?
• How do I reduce the level of Notifications

Article

What are these Notifications?

When you send an email it the receiving mail server cannot find the correct mailbox it will send a notification to the Reply To address alerting the sender that it could not be delivered. This lets you know that the email you sent could not be delivered.

Why am I getting Notifications for emails that I did not send?

This occurs due to an vulnerability in the way email communications have been developed over the years where it is possible to “spoof” the Reply To email address. That is, the ability to send an email and make it appear as if it originated from someone else. Spammers use this to send out millions of emails so that they appear to come from legitimate companies.

How do I reduce the level of Notifications coming to my Mailbox?

Unfortunately it is not possible to prevent spammers from spoofing your email address however there are a few steps you can take to reduce the effect they have on your mail server:

• You can setup a Junk Mail Filter to delete all emails that match certain patterns. Common patterns for emails like this are:

o    Subject: “Delivery notification failed:”
o    Sender: “postmaster@”
o    Sender: “MAILER-DAEMON@”

• You can setup an SPF Record in your DNS table to filter out some spam emails

Usually these spam attacks only last a few days as the spammers usually send out a batch of emails then change the Reply To address to someone else’s email address.