We have an e-mail newsletter system that sends messages out to folks who opt-in. Of course, every now and then the address of a subscriber does not work, and we get a "bounce back" message ("The following recipient(s) could not be reached", or something similar). If we keep getting one from the same address, after a while, we remove it from our list.

But, now something funny is going on: We keep getting a "bounce back" message from an e-mail address we are NOT sending anything to! We even checked the logs on the e-mail server very carefully. Nothing.

We do, however, send to some folks on the same domain. For example, we might send messages to aaa@zzz.com, bbb@zzz.com, and ccc@zzz.com. And yet, for some reason, a bounce-back comes from yyy@zzz.com , even though we never sent anything to that one. (These example e-mails are not the real addresses, of course.)

I suspect one of those 'legit' addresses (aaa, bbb, or ccc) is forwarding to the other (yyy), and for some reason we are the ones receiving the bounce.

Does anyone know the specifics of how this could happen, and what I should be investigating, either in the messages' headers, and/or our server logs? I want our end examined as much as possible, before we ask the appropriate subscribers to do anything.

Thanks!

I've gotten bounced email where apparently a spammer spoofed my email address as the return address. I think it's common for spammers to send spam to almost every conceivable name at any domain name they can find. So naturally most of the recipients won't be valid emails, and they'll get bounced back to the forged sender.

I think you have to be careful about marking this kind of message as spam, because you could be marking yourself as a spammer.

The other interesting thing to know is that the Subject line of the e-mail being bounced to us is the same as the Subject for the newsletter we sent, that day! This is not a Spam item that is being bounced. It is one of our own.

What's the newsletter system you're using?

What's the newsletter system you're using?It's a home-brewn solution. It's a custom app. that grabs e-mail addresses from a database, and spits out an e-mail to each of them, with the newsletter content. I'm not the one who built it. But, the coding is rather simple.

Is it possible that that app is causing the problem? That's the only thing I can think of offhand...

Is the process by which the e-mail is being sent done in compliance to RFC requirements? I know that our e-mail server will drop anything that doesn't match at least 4 or 5 main RFC compliance requirements, namely having a reverse DNS as the big one, as well as being able to hold the SMTP connection and retrying after two minutes (otherwise known as greylisting). Those simple steps have dropped the amount of spam here where I work by 80%, and a few extra steps I've taken (mostly through regex word and phrase filters) have gotten our filtering to somewhere between 95-98%.

It's worth checking out whether your newsletter is following the RFC requirements, first and foremost.

Is it possible that that app is causing the problem? That's the only thing I can think of offhand...Anything is possible.

But, even looking outside the app., and into the e-mail server's activity logs, there is no record of sending a message to that particular e-mail address.

It's worth checking out whether your newsletter is following the RFC requirements, first and foremost. I'll go ask!

I meant the mailer for the newsletter, not the newsletter itself. :o

Also, it does seem like there is some kind of forwarder involved with one of the addresses you're bouncing from. I'm not sure what the problem is, though, without seeing the exact bounce message and possibly taking a look at the headers.

Check the headers of the offending "bounces" to see from which servers they came. Then compare this to the configured mail-exchangers for the domain in question (use nslookup or some other DNS client for this purpose). Let us know what you find.

I think the guy's been fired or has quit. They probably had an auto-answer on there for a while but now just bounce it, either to the new person in the position or to a dead letter box. You'd have nothing in your headers that would tell you anything as they just take it in and take over, so all the info would've been in their first bounce. I get this all the time.



Ask 'em.

I meant the mailer for the newsletter, not the newsletter itself. :o
Right. I know that.
But, if the mailer application sent the e-mail, we would still see evidence of it in the logs. (Unless it is sending it through a separate e-mail server, somehow. But, I have checked through the code, and there is nowhere it could be doing that.)

ETA: I will check on a few things, tomorrow!

We have an e-mail newsletter system that sends messages out to folks who opt-in. Of course, every now and then the address of a subscriber does not work, and we get a "bounce back" message ("The following recipient(s) could not be reached", or something similar). If we keep getting one from the same address, after a while, we remove it from our list.

But, now something funny is going on: We keep getting a "bounce back" message from an e-mail address we are NOT sending anything to! We even checked the logs on the e-mail server very carefully. Nothing.

We do, however, send to some folks on the same domain. For example, we might send messages to aaa@zzz.com, bbb@zzz.com, and ccc@zzz.com. And yet, for some reason, a bounce-back comes from yyy@zzz.com , even though we never sent anything to that one. (These example e-mails are not the real addresses, of course.)

I suspect one of those 'legit' addresses (aaa, bbb, or ccc) is forwarding to the other (yyy), and for some reason we are the ones receiving the bounce.

Does anyone know the specifics of how this could happen, and what I should be investigating, either in the messages' headers, and/or our server logs? I want our end examined as much as possible, before we ask the appropriate subscribers to do anything.

Thanks!


Personally I use different Email addresses to my primary one to avoid spam - while some of those secondary addresses automatically forward mails to my primary email account. Now if my primary Email account wouldn't exist anymore, you would get a "bounce-back" from an address you didn't send an email to - so this could be the explanation for the OP's mistery.

Yeah or the person who has mail forwarded to them has exceeded their mail quota and new mail is being bounced.

As some brain-dead tool did on one work mailing list I was on. Went on holiday and activated "out of office" to reply to all his emails every time (not just once per recipient) and left his mailing sub open. So he got a mail which generated an auto-reply which got posted to the list which generated an autoreply which ...........

Does anyone know the specifics of how this could happen, and what I should be investigating, either in the messages' headers, and/or our server logs? I want our end examined as much as possible, before we ask the appropriate subscribers to do anything.

This is a common problem for mailing lists. You are probably correct that one of your subscribers may be forwarding his email to another address where it subsequently gets bounced.

One solution is to periodically send out individualized emails to each subscriber with a tag that will be returned in the bounce and identify the specific subscriber that is generating the bounce. The only piece of the outgoing message that is guaranteed to be returned in a bounce is the envelope sender address. What some systems do is send an email to each subscriber using a different sender address and see which senders get the bounce.

ETA: For your current problem, You could examine the headers of the return bounce to see if there is any identifying information from the original message or from the system that relayed the message. Would it be possible for you to post the bounce message with headers here (sans personally identifying information if you wish)?

So, I forgot what the exact wording was (and I won't be able to obtain it until Monday), but there was an indication in the Header saying something along the lines of the message being bounced between two e-mail addresses and failing. So, that's a clue that my theory was correct.
We'll notify the domain (if we have not already) of this, and see what happens.

Thanks for the suggestions, folks!

So, I forgot what the exact wording was (and I won't be able to obtain it until Monday), but there was an indication in the Header saying something along the lines of the message being bounced between two e-mail addresses and failing. So, that's a clue that my theory was correct.

If you send a personal email to each of the subscribers at that domain, You'll get a bounce for the one that has their email forwarded in a loop. Or, you could just ignore it and wait for the that user to discover why they aren't getting any email.


I had a worse case of mail loops about two years ago. The president of our user group created a vacation program that replied to each message saying he was off enjoying himself for the next week. By the time I caught it, there were several hundred replies to replies to replies that went to the entire user group through the mailing lists.

So, anyway: It seems someone, somewhere took care of the problem, on the other domain's end, once we told them about it.

But, thanks for the suggestions, everyone!

I have miniscule experience as an e-mail administrator, so some of the information in here could be handy to know, the next time some obscure issue crops up, even if it was not so applicable to this issue.