Receiving a lot of NDR Messages in my mailbox

Question:

Today I started receiving undeliverable notices in my mailbox about message I didn’t send out.   I didn’t send out any messages and am getting hundreds in my mailbox.  What is happening and what do I do about it.

Answer:

The very quick answer is nothing is wrong. 

The more detailed answer’s are below.

One can’t be totally sure, but there are a couple of reasons this could be happening.

1: You did send out the messages and you are getting the NDR (Non Delivery Report)
2: You didn’t send out the messages and your e-mail address was forged and you are getting the NDR messages.

It all comes back to understanding how e-mail works.  We will be producing a detailed note on this shortly.

But back to the NDR message issue. 

Spammers send out messages using automatic scripting programs.  They send them out to hundreds, if not millions, of addresses at a time.  They pick the addresses at random.   One way they do this is to pick from a list of real e-mail address they have collected over time.

Another way they do this is to find domain names, which are public information on the Internet.  Once they pick a domain name the send e-mail’s to all possible address at that domain.  They use all possible real name as well as randomly generated letters and numbers hoping they get delivered.

They then forge (sometimes called spoofing) the return e-mail address when they send the e-mail out.  This way, if the-mail is not delivered, it will be returned to the return e-mail address in the message with a NDR, not to them.

Let’s look at a real world example:

How do they do this?  Let say I write a letter I have written on paper and put it in a real envelope to my 10 people.  I write there address on the envelope.  In the US we then can put a return address in the upper left corner of the envelope in case it can’t be delivered and the Postal Service will return it me so I know it wasn’t delivered.   Let say I had a ink stamp with your home address on it.  I stamped every envelope in the upper left corner of the envelope with your address.  I then drop them in a Postal Mail box and off they go.

A few days go by and 8 of the letters sent out couldn’t be delivered because the address I sent them to didn’t exist.  What happens is the Postal service looks for the return address on the envelope and sends them back to that address. It wasn’t mine it was your address.  Then a few days later the Postal carrier delivers them to your mail box at home and you say what are all these letters in my mail box all about?

 

You ask you Postal carrier what is this all about.  I never sent them out and don’t want them in my mail box.  The reply would be we have no control about this.  I’m just the your postal Carrier and our sorting machine show it wasn’t delivered and we are just returning them to the return address on the envelope.   You say “I didn’t’ send them, return them to the person that did send them”. 

Postal Carrier: We don’t’ know who sent them.  We can only return them to the address on the return label. 

This would be the only answer you would get from the postal carrier. They don’t know who dropped them in a postal mail box or which one it was dropped into.

 

E-Mail works the same way.  When you send a message that message has your return address included as part of the message and if it can’t be delivered it would be returned to your mailbox.

Spammer's send e-mail’s out with a forged or spoofed addresses in the return address field, so if they are not delivered they don’t get returned to them, but to the address in the return address field which maybe you.

So how did they get your address?  They didn’t just get your address; they made it up as a random address.  It just happens to match your e-mail address.  

One way they do this is to look for domain names on the Internet.  All web sites on the Internet have a domain name and they are publicly available to find and see.  They then build a large list of them.  Now they need names to use on the left side of @ sign.  Where do they get them?  They make them up.  They can use real name like Adam and Jane and so on.

When they pick a domain name they use it for a few days and then move on to a different domain name.  So you should stop getting the NDR message.  But there is no guarantee of this. 

Summary:  If you start getting NDR’s there is not much anyone can do to stop them. Just delete them.

  • 8 Users Found This Useful
Was this answer helpful?

Related Articles

What is a forged or Spoofed E-Mail

What is Forged or Spoofed E-Mail: Spammers can obtain e-mail address lists, which may include...