Question : Rejected emails that were not really sent

I have an exchange user that is receiving anywhere from 10 to 80 rejection emails daily for over a week.  She did not send any of the messages that are being rejected herself and none of the rejected addresses were in her outlook address book (or any other exchange users address books).    

AV is running and nothing out of the ordinary was detected on her machine.

This is a message example of what is returned and there are hundreds more like this (user in the following is the users email that is effected and mydomain is our domain);



Delivery has failed to these recipients or distribution lists:

[email protected]
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.

[email protected]
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.








Diagnostic information for administrators:

Generating server: fe.mail.megapathdsl.net

[email protected]
#< #4.0.0> #SMTP#

[email protected]
#< #4.0.0> #SMTP#

Original message headers:

Received: from [117.200.84.95] ([117.200.84.95] verified)
  by fe.mail.megapathdsl.net (CommuniGate Pro SMTP 5.3.5)
  with ESMTP id 747425151; Tue, 18 May 2010 23:22:20 -0700
Received-SPF: none
 receiver=fe.mail.megapathdsl.net; client-ip=117.200.84.95; envelope-from=user@mydomain.com
Received: from 117.200.84.95 by mail.mydomain.com; Wed, 19 May 2010 11:52:30 +0530
Date: Wed, 19 May 2010 11:52:30 +0530
From: "Davison Nona" <[email protected]>
X-Mailer: The Bat! (v3.5.25) Professional
Reply-To: [email protected]
X-Priority: 3 (Normal)
Message-ID: <093351607.47370719761103@mydomain.com>
To: <[email protected]>,
      <[email protected]>,
      <[email protected]>,
      <[email protected]>,
      <[email protected]>,
      <churchoffice.tammy@megapathdsl.net>,
      <[email protected]>,
      <[email protected]>,
      <[email protected]>,
      <[email protected]>
CC: <[email protected]>,
      <[email protected]>,
      <[email protected]>,
      <gsjanis.schwartz@megapathdsl.net>,
      <[email protected]>
BCC: <[email protected]>
Subject: thankee
MIME-Version: 1.0
Content-Type: text/plain

Answer : Rejected emails that were not really sent

Welcome to the end product of spoofed emails and badly configured mail servers.

Essentially the spammer has forged your users address as the sender of the emails and sent out spam to various unsuspecting parties.  The recipient then rejects the message and sends out a non-delivery message back to the supposed sender (your user) and thus they get a message about a message that they didn't send.

You can not do too much about it, but you can add a SPF (Sender Policy Framework) record to your domain's DNS records that advises receiving server if the sending server is authorised to send mail on behalf of your domain.  If not, the message gets rejected as spam and you don't get the bounce.

Please have a read of the following and then add an SPF record to your External Domain's DNS records:

http://en.wikipedia.org/wiki/Sender_Policy_Framework

To create a record - please visit:

http://old.openspf.org/wizard.html?mydomain=example.com