So, what actions should the mail server take if the destination email address is fake? Obviously, if the email address is valid, the mail server should deliver the message (perhaps after applying another layer of antispam detection). But, if the email is destined for a "fake employee," some mail servers will respond with a non-deliverable report (NDR) message. That way, if there was a real sender of the email, he or she could be informed...
that the message was rejected.
Other mail servers do not respond with an NDR message, and instead simply accept the email to the bogus address and silently discard it. The reason that some mail servers eschew NDRs (as the one you describe in your question does) is because their owners do not want a spammer to be able to try thousands of usernames and harvest valid ones. With NDRs, the attackers can differentiate valid from invalid addresses because the invalid ones will trigger an NDR, while the valid ones won't.
Whether or not to send NDRs is a point of some controversy. While they can offer a desirable business function (allowing legitimate senders to know that their messages weren't received), they also can help spammers. If a spammer spoofs a source email address, the NDRs will be directed to the victim's organization and domain. Thus, if a mail server is configured to send NDRs, a spammer could turn this functionality into a denial-of-service NDR flood against other organizations' mail servers.
Related Q&A from Ed Skoudis, Contributor
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your ...continue reading
Wi-Fi on airplanes seems like it will be unavoidable in the future, but what security risks does it pose? In this security threats expert response, ...continue reading
There are some rare forms of malware that antivirus software doesn't pick up on, but there are some good tools to remove all sorts of malware.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.