Microsoft 365 - Why am I getting bounced messages for email I didn't send?
Spammers commonly forge the headers of messages they send, making it appear as though they originated elsewhere. Spammers harvest vast numbers of email addresses, or even guess common email addresses, and then put these addresses in the "To:" and the "From:" fields of the millions of email messages they send out. Some of the messages they send will end up bouncing, and when they do, they bounce to the forged address in the "From:" field, which may be yours.
Users need to know if their legitimate messages are bouncing, and the Office 365 system can't distinguish legitimate bounces from illegitimate bounces.
What is Spoofing/Backscatter?
'Backscatter' is the name given to messages generated when a spammer uses your mail address in the 'From:' line of their messages. If the spammer's message can't be delivered for any reason, the receiving host will send back a bounce or non-delivery report to the address in the 'From:' line.
Backscatter messages take several forms:
- DSN (Delivery Status Notification) advising that the message cannot be delivered - or that delivery is delayed.
- Auto-replies - often advising that the mailbox is no longer in use due to spam or that the recipient is on vacation.
- Rejections advising that a messages has been caught by a spamblock.
- Challenge/Response requesting that you confirm you sent the message.
If a spammer sends a large number of messages, you may receive literally hundreds or thousands of 'backscatter' messages.
Is my account or computer compromised?
In most cases your email address has been spoofed by a spammer, and there is no risk to your account or your computer. However, in some cases your email account credentials or your computer has been compromised by a spammer. We recommend that you log into Office 365 web client and forward as an attachment one of these bounce messages to help@doit.wisc.edu. The DoIT Help Desk will be able to determine if you will need to reset your email password or scan your computer for infection.
If the message is being sent to an alternate address (on your account), including departmental addresses, that you no longer use, you have the ability to remove/delete this address.
What can I do about these messages cluttering my Inbox?
There are a few ways to deal with this problem:
- Wait until the spammers stop using your address, and delete the bounced message. Spammers generally only use these email addresses for a short time before moving to a different address.
- If this backscatter is addressed to one of your alternate addresses (including departmental addresses) that you no longer use, you can remove it. Learn more.
- You can add custom filters to your account to filter these messages. However, if you choose to do this, you may run the risk of filtering out legitimate bounce messages for emails that you DID send but were not delivered.