This is called "backscatter". Google it for more info. You can *help* prevent this before it happens by publishing SPF/Sender-ID records. Next, you can filter based on missing Message-ID headers that should exist in legitimate NDRs if the original email was from your domain.
On Tue, Oct 7, 2008 at 1:08 PM, <[EMAIL PROTECTED]> wrote: > Exchange 2003 SP2. We occaisionaly have users who get a few NDRs over a > couple of days from reipients they did not send to because of spammers > spoofing their email address. At 12:15 I have a user who began getting > hundreds of NDRs obviously as a result of a spammer sedning out a bulk email > package. These are coming in so fast the user is having a hard time keeping > up with the deleting. Anyway to prevent this crap? > Thanks. > > -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~