View blogs | Login

What is a Reverse NDR Attack

The non-delivery report (NDR) is generated when an email message is not able to be sent to the next hop.

Spammers can use NDR as a method to generate spam towards victims by using the victim's email address as the sender. This is called a reverse NDR Attack.

Consider the following scenario:

  • Bob (the victim), has an email address
  • You run an email server that accepts messages for In addition, it accepts messages for valid as well as invalid users.
  • Jim (the attacker), wants to send a spam message to Bob. However, instead of sending it directly to Bob, he sends it through your email server. He does this to prevent his IP address from getting black listed.
  • Jim's composes an email with the following values for Sender and Recipient:
Since does not exist, your email server will generate an NDR. However, that NDR will get sent to Bob instead of Jim, because Jim forged the sender to be Bob instead of Jim.
Refer to the diagram below for more information:

Preventing such attacks in Xeams

There are two features in Xeams that will help against a reverse NDR attack.
  • Configure Xeams to reject invalid users. This is done by specifying a valid list of users or integrating with Active Directory.
  • Configure how NDRs are generated.
    Configuring NDRs
    After logging in as admin, go to Smtp Server Configuration and select the Advanced Tab. Following bullets describe two important configuration parameters.

    Include Original:
    This option configures whether to attach the original email message in the NDR. By default, this option is disabled. It is highly recommend to leave this option disabled to prevent spammed messages.

    Generate NDRs only for outbound emails:
    This option only allows NDRs to be generated for outbound emails. This prevents the reverse NDR attack where someone uses your email server to bounce back spam messages.

Created on: May 18, 2016
Last updated on: Jul 19, 2024


Your email address will not be published.

Christian Gugliucci 435 days ago

I want to congratulate with your Team!
This Reversible NDR Attack picture is perfect to explain this Threat.

zhangyiyi 416 days ago

Hello, it was a pleasure reading your article. Your article has helped me a lot. My mail service received a lot of rcpt attacks yesterday, have you encountered a similar situation, is there a good solution, looking forward to your reply