View original (French)

"Mail Delivery System" Bounced Message

baissaoui Posted messages 606 Registration date   Status Webmaster Last intervention   -  

Initial document created by Malekal_morte-

The emails titled "Mail Delivery System" are emails sent by the mail server (SMTP server SMTP) to the sender's address when the latter could not deliver the email to the recipient.
The reasons can be multiple and are generally specified in it; most of the time, they involve time errors:

  • the recipient's mailbox is full: "user is over quota"
  • the sender's address is misspelled; the error "User unknown in relay recipient table" is received, or if you mistakenly type the domain, "Host or domain name not found"
  • the sender's address or SMTP server is denied (blacklist etc.)

In this FAQ, we focus on "Mail Delivery System" errors in cases where you receive multiple errors, ranging from a dozen to hundreds per day.
This is the case where malicious individuals use your email address to send SPAM / junk or malicious emails.

What needs to be understood is that the sender's address in no way guarantees that the email was sent by the sender.
Exactly like in everyday life, you could receive an address written by anyone impersonating another by signing with their name and putting it as the sender.
The page Mail: sources and headers of the envelope & message on the malekal.com site demonstrates this.

If spammers or others send emails to your friends or unknown users with your address as the sender, mail servers will then send the Mail Delivery System errors to them.
This phenomenon is called: Backscatter.

Unfortunately, in this specific case, you cannot stop the sends and therefore the "Mail Delivery System" errors in return; you must wait for the sending campaign to finish.
However, you can create a mail rule to automatically move "Mail Delivery System" emails into a specific folder.
This operation varies depending on the type of webmail service used or email client.

The SPF (Sender Policy Framework) protocol was specifically designed in 2014 to allow for sender verification to limit these spammer practices.

Of course, note that your email account, especially in the case of webmails (Hotmail, Gmail, etc.), may have been hacked and used to send emails.
Generally, these emails appear in the sent items.

In the event of an email account theft, we therefore recommend changing your password and performing a Malwarebytes Anti-Malware scan of your computer.
If you wish to check your computer for a possible infection, you can perform a FRST analysis, send the reports to pjjoint, and create a thread in the Virus forum.