Dear All,
During the last several months about 10% of our users have been receiving lots of random failure deliveries for messages they have not sent. I’m fairly certain that these failures are caused by Spammers using our email addresses when sending out their email blasts.
Has anyone had a similar problem with a good solution? Has your ISP been able to help? The only permanent thing I can think of is to change our email addresses which isn’t a popular solution.
I could create a mail rule or an agent to move all messages with ‘failure’ [or other keyword] into a different folder, but this doesn’t really fix the root problem.
TIA,
Mike
Subject: SPAM: Lots of Failure Deliveries
I would check the message headers and see the difference in some of the fields that identify it as a message originating from an external source.
Then filter on those fields.
Subject: SPAM: Lots of Failure Deliveries
Public execution of spammers might help! 
Actually, we’ve been hit with the same thing over the past month. It is called NDR Spam. True…spammers are using your e-mail addresses as the FROM.
To date I have found no way to prevent it, even with rules. Our filtering solution (Postini) has helped, but they reported they can only prevent those which include the header and body information from the originating message. If it is just a delivery failure, they sometimes can’t prevent it’s delivery as they do not know if it is indeed spoofed spam or if it is a legitimate delivery failure that a user needs to be notified about.
One Monday, one of our users reported over 500 messages in his Inbox when he reported to work. Our Solution - DELETE! It’s time consuming, but we found no other way to truly deny this attack.
More Info: http://www.postini.com/webdocs/rel_notes/announce/bulletin_ndr.pdf
Brian