Exchange 2016 - NDR

Natchos

Hey all,
I have recently migrated from Exchange 2010 to 2016 and am wondering about NDRs. I see the suggested way of doing things nowadays is to disable NDRs on Exchange, to avoid BackScatters. Am I right?
My issue is how do you let legit senders know their email did not reach us? Per example, emails over the allowed size limit. Senders think our recipients are ignoring them as no NDR is being sent and we are missing important jobs that way.
Everything I search about NDR and 2016 is about disabling it.

How do you proceed with that?
Thanks!

EddieJennings

I'm not an E-mail specialist by any means, but I've never configured a mail server to not send NDRs.

JasGot

In your scenario, SPF is your friend in most cases. Normally, people will tell you SPF is a waste of your time. I'm not going to argue all the various ways to use SPF and how they may or may not help.

I will say that in your case, you do want the people who need to know; to get an NDR.

So, adopt this policy: Do not send NDR if SPF check fails.

The reason this is good in your case is that if SPF passes, you (likely) have a valid sender that should get the NDR. If it fails, you will more often than not, have a sender that is not real. Not always, but way more often then never. And if your choices are to NDR or not to NDR, I would go for the unspoken third option, NDR when it will most often be helpful and not cause too much backscatter.

There are examples where even this is not the golden egg, but it is sure better than skipping your customers, vendors, friends, family, etc when they do have a valid SPF and you can demonstrate there is a high probability the message is not spam.

Natchos

@EddieJennings I know, it makes no sense to me to disable it but I understand the reasoning behind it.

Natchos

@JasGot Awesome, thanks for the input. I'll look into SPF.

scottalanmiller

@EddieJennings said in Exchange 2016 - NDR:

I'm not an E-mail specialist by any means, but I've never configured a mail server to not send NDRs.

Same here, we normally keep them on.

scottalanmiller

@Natchos said in Exchange 2016 - NDR:

@JasGot Awesome, thanks for the input. I'll look into SPF.

SPF is considered a requirement these days. And DKIM is heavily recommended.

wrx7m

@scottalanmiller said in Exchange 2016 - NDR:

@Natchos said in Exchange 2016 - NDR:

@JasGot Awesome, thanks for the input. I'll look into SPF.

SPF is considered a requirement these days. And DKIM is heavily recommended.

People are starting to come around. I have been using DKIM for a few years for all services sending email outside our org. With O365, SPF and DKIM are part of the setup.

scottalanmiller

@wrx7m said in Exchange 2016 - NDR:

@scottalanmiller said in Exchange 2016 - NDR:

@Natchos said in Exchange 2016 - NDR:

@JasGot Awesome, thanks for the input. I'll look into SPF.

SPF is considered a requirement these days. And DKIM is heavily recommended.

People are starting to come around. I have been using DKIM for a few years for all services sending email outside our org. With O365, SPF and DKIM are part of the setup.

Same with Zoho.