Bad Addresses



  • Since our email virus escapade a few weeks ago, we have tightened up security on our Exchange Online server. Now, I am getting reports from my Exchange Online server of emails that are coming in attempting to reach employee's email addresses that are no longer with the company.

    I was going to create a transport rule that would take email addresses that no longer belongs in our AD, but are in a list, and have them deleted upon receipt. But, Exchange Online only allows for those that are within AD to be in the filter.

    Is there another method of filtering out recipient email addresses that are no longer within AD?



  • @nerdydad said in Bad Addresses:

    Since our email virus escapade a few weeks ago, we have tightened up security on our Exchange Online server. Now, I am getting reports from my Exchange Online server of emails that are coming in attempting to reach employee's email addresses that are no longer with the company.

    I was going to create a transport rule that would take email addresses that no longer belongs in our AD, but are in a list, and have them deleted upon receipt. But, Exchange Online only allows for those that are within AD to be in the filter.

    Is there another method of filtering out recipient email addresses that are no longer within AD?

    Aren't the email addresses bounced though?



  • Right. Why aren't the accounts disabled/deleted?



  • Correct. These accounts are deleted.



  • Dont you get hundreds of invalid address email submissions a day? like a ton of emails to addresses that dont exist.
    Do you read these reports?

    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]

    Just delete these. I think there is an option to drop or delete all emails for people who dont exist in the directory(rather than return NDR to sender), at least on premise Exchange has this.



  • @nerdydad said in Bad Addresses:

    Correct. These accounts are deleted.

    So you don't want to have NDRs?



  • @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    Correct. These accounts are deleted.

    So you don't want to have NDR access?

    Huh? Please educate me. I don't understand.



  • I think what they are implying above is that emails sent to non-existent address/account should be dropped rather than generating a non-delivery receipt/response to the sender.

    There's a pros and cons in the implementation. Ofcourse, it would be nice if the sender will be receiving a response that the mailbox is non-existent on the email server (being courteous). It might totally be non-existent or entered incorrectly, however, it will also get the idea that the domain exist, and that the sender with malicious intention will try to guess another recipient (instead of waiting forever for a response). Especially true for those with companies using generic addresses like cio, coo, sales01, sales02, etc.



  • @nerdydad said in Bad Addresses:

    @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    Correct. These accounts are deleted.

    So you don't want to have NDR access?

    Huh? Please educate me. I don't understand.

    I edited, bad writing on Iphone but my question was, so you don't want any NDR messages sent back?



  • @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    Correct. These accounts are deleted.

    So you don't want to have NDR access?

    Huh? Please educate me. I don't understand.

    I edited, bad writing on Iphone but my question was, so you don't want any NDR messages sent back?

    I really don't care, they get moved to my junk email folder and will be deleted within 30 days. My boss gets them too and was wondering if there was a way to manage them, such as deletion at the server.



  • @nerdydad said in Bad Addresses:

    @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    Correct. These accounts are deleted.

    So you don't want to have NDR access?

    Huh? Please educate me. I don't understand.

    I edited, bad writing on Iphone but my question was, so you don't want any NDR messages sent back?

    I really don't care, they get moved to my junk email folder and will be deleted within 30 days. My boss gets them too and was wondering if there was a way to manage them, such as deletion at the server.

    If you are going to delete them at the server, best to not get them at all.



  • @nerdydad said in Bad Addresses:

    @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    Correct. These accounts are deleted.

    So you don't want to have NDR access?

    Huh? Please educate me. I don't understand.

    I edited, bad writing on Iphone but my question was, so you don't want any NDR messages sent back?

    I really don't care, they get moved to my junk email folder and will be deleted within 30 days. My boss gets them too and was wondering if there was a way to manage them, such as deletion at the server.

    I am missing something here, usually if you have old email addresses deleted they don't get sent to you they get bounced back to the sender. What am I missing?



  • @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    Correct. These accounts are deleted.

    So you don't want to have NDR access?

    Huh? Please educate me. I don't understand.

    I edited, bad writing on Iphone but my question was, so you don't want any NDR messages sent back?

    I really don't care, they get moved to my junk email folder and will be deleted within 30 days. My boss gets them too and was wondering if there was a way to manage them, such as deletion at the server.

    I am missing something here, usually if you have old email addresses deleted they don't get sent to you they get bounced back to the sender. What am I missing?

    From what I can tell, these are newsletters from automated systems. Some were internal and the senders lists from those systems have been resolved. The emails that we are getting now are like alerts from facebook or other alerts that we have no care for and the person that was receiving them hasn't been here for a couple of years at least.



  • @nerdydad said in Bad Addresses:

    @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    Correct. These accounts are deleted.

    So you don't want to have NDR access?

    Huh? Please educate me. I don't understand.

    I edited, bad writing on Iphone but my question was, so you don't want any NDR messages sent back?

    I really don't care, they get moved to my junk email folder and will be deleted within 30 days. My boss gets them too and was wondering if there was a way to manage them, such as deletion at the server.

    I am missing something here, usually if you have old email addresses deleted they don't get sent to you they get bounced back to the sender. What am I missing?

    From what I can tell, these are newsletters from automated systems. Some were internal and the senders lists from those systems have been resolved. The emails that we are getting now are like alerts from facebook or other alerts that we have no care for and the person that was receiving them hasn't been here for a couple of years at least.

    But why are you getting them? We are still missing the basics. If a person left and their email is gone, you would not get an email from any system about them getting sent things.



  • I guess the real question is... why did you tighten security to a point that you are unhappy with the results? It's not "security" to send you all these useless emails. So just undo that requirement.



  • @nerdydad said in Bad Addresses:

    @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    @dbeato said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    Correct. These accounts are deleted.

    So you don't want to have NDR access?

    Huh? Please educate me. I don't understand.

    I edited, bad writing on Iphone but my question was, so you don't want any NDR messages sent back?

    I really don't care, they get moved to my junk email folder and will be deleted within 30 days. My boss gets them too and was wondering if there was a way to manage them, such as deletion at the server.

    I am missing something here, usually if you have old email addresses deleted they don't get sent to you they get bounced back to the sender. What am I missing?

    From what I can tell, these are newsletters from automated systems. Some were internal and the senders lists from those systems have been resolved. The emails that we are getting now are like alerts from facebook or other alerts that we have no care for and the person that was receiving them hasn't been here for a couple of years at least.

    So you have active aliases or fowarding for them so you get them? Otherwise if there are gone they will not even get to anyone.



  • @scottalanmiller said in Bad Addresses:

    I guess the real question is... why did you tighten security to a point that you are unhappy with the results? It's not "security" to send you all these useless emails. So just undo that requirement.

    That's probably going to be the plan. Boss tightened up security. I'll investigate to see about turning that one off.



  • @nerdydad said in Bad Addresses:

    @scottalanmiller said in Bad Addresses:

    I guess the real question is... why did you tighten security to a point that you are unhappy with the results? It's not "security" to send you all these useless emails. So just undo that requirement.

    That's probably going to be the plan. Boss tightened up security. I'll investigate to see about turning that one off.

    That specific one isn't security related. If anything, spamming you with garbage will cause you to ignore real problems.



  • FFS @NerdyDad answer the damned question

    How are you getting email for accounts that do not exist.

    This is not possible and not something that you can get from a security setting.

    You are spinning in fucking circles here because you have not answered a basic question.



  • Oh FFS



  • So I got Fox'd.

    Let me draw you a picture.

    Employee is on-boarded with the company and is assigned an email address. Employee begins work and uses email address for (I hope) signing up for industry newsletters, email alerts, etc. Something happens to said employee and they leave. Email account stays open and emails are forwarded to superior until superior can notify other parties of employee's departure. Then said superior tells us to pull the license from O365, which deletes the now ex-employees account. Said superior fails to unsubscribe from email lists and other alerts and we get alerts from the Exchange Online server saying that it has an email going to an address but doesn't have an account to match that address.

    Question is: How do I get the notification emails to stop?

    I suppose I could create aliases for all of these addresses to my account and slowly unsubscribe from each one.



  • @nerdydad said in Bad Addresses:

    ... and we get alerts from the Exchange Online server saying that it has an email going to an address but doesn't have an account to match that address.

    This is the part we don't understand. This is not normal.



  • @nerdydad said in Bad Addresses:

    So I got Fox'd.

    Let me draw you a picture.

    Employee is on-boarded with the company and is assigned an email address. Employee begins work and uses email address for (I hope) signing up for industry newsletters, email alerts, etc. Something happens to said employee and they leave. Email account stays open and emails are forwarded to superior until superior can notify other parties of employee's departure. Then said superior tells us to pull the license from O365, which deletes the now ex-employees account. Said superior fails to unsubscribe from email lists and other alerts and we get alerts from the Exchange Online server saying that it has an email going to an address but doesn't have an account to match that address.

    Question is: How do I get the notification emails to stop?

    I suppose I could create aliases for all of these addresses to my account and slowly unsubscribe from each one.

    Re-create the user account, assign an Office 365 license for the interim. Perform password resets under the ex-users account and opt-out of everything.

    Revoke the Office 365 license once done.



  • @nerdydad said in Bad Addresses:

    I suppose I could create aliases for all of these addresses to my account and slowly unsubscribe from each one.

    You should not be receiving any notification about this. How are these getting to you in the first place? The rest of us do this every day and don't get these emails. What if they were emails to random accounts that had never existed at all? We get that millions of times a day, but don't see them as they never get sent to people.



  • @dustinb3403 said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    So I got Fox'd.

    Let me draw you a picture.

    Employee is on-boarded with the company and is assigned an email address. Employee begins work and uses email address for (I hope) signing up for industry newsletters, email alerts, etc. Something happens to said employee and they leave. Email account stays open and emails are forwarded to superior until superior can notify other parties of employee's departure. Then said superior tells us to pull the license from O365, which deletes the now ex-employees account. Said superior fails to unsubscribe from email lists and other alerts and we get alerts from the Exchange Online server saying that it has an email going to an address but doesn't have an account to match that address.

    Question is: How do I get the notification emails to stop?

    I suppose I could create aliases for all of these addresses to my account and slowly unsubscribe from each one.

    Re-create the user account, assign an Office 365 license for the interim. Perform password resets under the ex-users account and opt-out of everything.

    Revoke the Office 365 license once done.

    That will not work, as the issue is that he is receiving the catch-all.



  • @scottalanmiller said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    I suppose I could create aliases for all of these addresses to my account and slowly unsubscribe from each one.

    You should not be receiving any notification about this. How are these getting to you in the first place? The rest of us do this every day and don't get these emails. What if they were emails to random accounts that had never existed at all? We get that millions of times a day, but don't see them as they never get sent to people.

    He is getting NDR notifications on the admin side. There is a report somewhere in there that shows bounced emails.



  • @scottalanmiller said in Bad Addresses:

    @dustinb3403 said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    So I got Fox'd.

    Let me draw you a picture.

    Employee is on-boarded with the company and is assigned an email address. Employee begins work and uses email address for (I hope) signing up for industry newsletters, email alerts, etc. Something happens to said employee and they leave. Email account stays open and emails are forwarded to superior until superior can notify other parties of employee's departure. Then said superior tells us to pull the license from O365, which deletes the now ex-employees account. Said superior fails to unsubscribe from email lists and other alerts and we get alerts from the Exchange Online server saying that it has an email going to an address but doesn't have an account to match that address.

    Question is: How do I get the notification emails to stop?

    I suppose I could create aliases for all of these addresses to my account and slowly unsubscribe from each one.

    Re-create the user account, assign an Office 365 license for the interim. Perform password resets under the ex-users account and opt-out of everything.

    Revoke the Office 365 license once done.

    That will not work, as the issue is that he is receiving the catch-all.

    He needs to login to the services that are assigned to the ex-user as that user, and disable the account notifications.



  • @dustinb3403 said in Bad Addresses:

    @scottalanmiller said in Bad Addresses:

    @dustinb3403 said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    So I got Fox'd.

    Let me draw you a picture.

    Employee is on-boarded with the company and is assigned an email address. Employee begins work and uses email address for (I hope) signing up for industry newsletters, email alerts, etc. Something happens to said employee and they leave. Email account stays open and emails are forwarded to superior until superior can notify other parties of employee's departure. Then said superior tells us to pull the license from O365, which deletes the now ex-employees account. Said superior fails to unsubscribe from email lists and other alerts and we get alerts from the Exchange Online server saying that it has an email going to an address but doesn't have an account to match that address.

    Question is: How do I get the notification emails to stop?

    I suppose I could create aliases for all of these addresses to my account and slowly unsubscribe from each one.

    Re-create the user account, assign an Office 365 license for the interim. Perform password resets under the ex-users account and opt-out of everything.

    Revoke the Office 365 license once done.

    That will not work, as the issue is that he is receiving the catch-all.

    He needs to login to the services that are assigned to the ex-user as that user, and disable the account notifications.

    But none should be assigned to them, they don't exist.



  • Scott, just sent you one of the reports that I have been receiving for better clarification.



  • @scottalanmiller said in Bad Addresses:

    @dustinb3403 said in Bad Addresses:

    @scottalanmiller said in Bad Addresses:

    @dustinb3403 said in Bad Addresses:

    @nerdydad said in Bad Addresses:

    So I got Fox'd.

    Let me draw you a picture.

    Employee is on-boarded with the company and is assigned an email address. Employee begins work and uses email address for (I hope) signing up for industry newsletters, email alerts, etc. Something happens to said employee and they leave. Email account stays open and emails are forwarded to superior until superior can notify other parties of employee's departure. Then said superior tells us to pull the license from O365, which deletes the now ex-employees account. Said superior fails to unsubscribe from email lists and other alerts and we get alerts from the Exchange Online server saying that it has an email going to an address but doesn't have an account to match that address.

    Question is: How do I get the notification emails to stop?

    I suppose I could create aliases for all of these addresses to my account and slowly unsubscribe from each one.

    Re-create the user account, assign an Office 365 license for the interim. Perform password resets under the ex-users account and opt-out of everything.

    Revoke the Office 365 license once done.

    That will not work, as the issue is that he is receiving the catch-all.

    He needs to login to the services that are assigned to the ex-user as that user, and disable the account notifications.

    But none should be assigned to them, they don't exist.

    They don't exist in Office 365. The user account still exist on "stupidemailalerts.com" or whatever service they have signed up for.

    Closing the account in office 365 doesn't remove the user from the things they opt'd/signed up for when they did exist.