Configuring Outlook to deal with spam bounces

Wednesday 7 December 2005

Lately I've been getting periodic storms of spam being returned to me as undeliverable. I don't know if the spammers intend me to open these messages, or if they're just using my domain as a From address on spam intended for someone else. Either way, it's a pain when 40 non-delivery reports a day flow into my inbox. Unlike regular spam, these messages come and go. There'll be a week where they arrive all the time, then three weeks with none, then they'll be back.

I'd like to not have to look at each one to see if it is a genuine delivery failure, but I'd also like to know if I really did have an email bounce. I figured I'd use Outlooks rules to deal with this. Surprisingly, I couldn't find a way in the rule to target non-delivery reports specifically, but the subject lines are fairly repetitive:

Apply this rule after a message arrives
with
   "Delivery Status Notification (Failure)" or
   "Mail delivery failed: returning message to sender" or
   "Undelivered Mail Returned to Sender" or
   "failure notice" or
   "DELIVERY FAILURE: User" or
   "Delivery Report" or
   "Undeliverable:" or
   "Delivery Notification: Delivery has failed" or
   "Delivery failure (" or
   "DELIVERY FAILURE: Recipient" or
   "Undeliverable message" or
   "Returned mail:" or
   "Mail System Error - " or
   "Undeliverable mail"
   in the subject
move it to the Spam Bounces folder
except where my name is in the To box

This works great, especially the last part. Since the spam bounces use bogus addresses at my domain as the From address, they go into the Spam Bounces folder. If I really do screw up an email address, its non-delivery report will stay in my Inbox since my name is in the To field. For an extra feeling of safety, I added the To column into the view of the Spam Bounces folder, so I can see at a glance the bogus addresses that got me the messages in the first place.

Comments

[gravatar]
Bob 2:52 PM on 7 Dec 2005

Parsing an NDR can be a little problematic, as you've noted. There's no message header that indicates that it's a NDR. So parsing the Subject and message content (which you aren't doing here) is about as good as it gets. Do we need a "Bogus NDR" Assassin?

[gravatar]
Jerry Glover 4:41 PM on 7 Dec 2005

Would it be cruel to remind you how easy it is to identify an NDR in Notes? ;-)

[gravatar]
Menno Smits 6:14 PM on 7 Dec 2005

Ned, are you sure these are really spam messages?

The recent Sober virus variants that have been doing the rounds send from and to random harvested addresses. When it happens to use your address as the sender and some non-working address as the recipient you'll get a bounces like these. I've been getting tons of these lately and they come in waves like you describe.

The emails aren't selling anything so I wouldn't call them spam. Very annoying however.

[gravatar]
Ned Batchelder 9:15 AM on 8 Dec 2005

My bounces are definitely spam messages. The sender address is clearly a randomly generated user name at one (and only one) of my domains.

Add a comment:

name
email
Ignore this:
not displayed and no spam.
Leave this empty:
www
not searched.
 
Name and either email or www are required.
Don't put anything here:
Leave this empty:
URLs auto-link and some tags are allowed: <a><b><i><p><br><pre>.