What is it?
NDR (non-delivery report) spam is a type of spam that appears as an undeliverable-message notice. In and of themselves, these messages are not typically infected with viruses. However, some NDRs include the text of the original message that was sent, so that text may appear in the NDR (or as an attachment to the NDR message). Spammers hope that you will read the non-delivery report message and its associated content.
How does it work?
These messages are generated when someone “spoofs” (fakes) the sender address in an email, much like putting a fake return address on a piece of postal mail. In the postal world, if the destination address isn’t valid, the post office will return the letter to the sender address stated on the envelope. NDR spam works the same way: the recipient’s address for the spam is incorrect, and the spam sender has forged the sender or reply-to attributes of the message, so the resulting non-delivery report, and with it the content of the message, may still reach the spam victim.
What can be done?
Unfortunately, not much can be done about this type of attack, which comes and goes periodically, because these non-delivery report messages appear to be legitimate to the processing systems. There is typically no virus or malware content, just information about the route that a message took while attempting delivery and the text content of the originally sent message. We have updated anti-spam settings to try to deal with this specific threat. As is the usual recommendation for any email, if you are receiving this type of spam and didn’t send out anything, do not open the message. Discard it immediately if it looks suspicious.
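For those who administer their own mail, one way to test the "didn't send out anything" condition is to compare the Message-ID quoted inside the NDR against your own sent-mail records. The following is an added example, not part of the original page: `SAMPLE_NDR` is a constructed message, and `sent_ids` (a set of Message-IDs taken from your outbound logs) is an assumed input. It only handles NDRs in the standard multipart/report layout.

```python
import email
from email import policy

# Constructed, trimmed sample NDR (not a real message): a multipart/report
# bounce whose last part quotes the headers of the message that "failed".
SAMPLE_NDR = """\
From: MAILER-DAEMON@mx.example.net
To: alice@example.org
Subject: Undeliverable: Great offer
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

From: alice@example.org
Subject: Great offer
Message-ID: <forged-123@bulk.invalid>

--b1--
"""

def original_headers(ndr_text):
    """Return the headers of the message the NDR says we sent, or None."""
    msg = email.message_from_string(ndr_text, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return None
    for part in msg.iter_parts():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original message attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":   # only the original headers quoted
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify(ndr_text, sent_ids):
    """sent_ids: assumed set of Message-IDs from your own outbound mail logs."""
    orig = original_headers(ndr_text)
    if orig is None:
        return "not-a-report"
    mid = (orig["Message-ID"] or "").strip()
    return "genuine-bounce" if mid in sent_ids else "backscatter"
```

A result of `backscatter` means the quoted original carries a Message-ID your systems never issued, which is consistent with a forged sender address.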