Why am I receiving NDR messages from Microsoft 365 for mailboxes which do not exist?

Last Modified

Wed Oct 07 13:48 GMT 2020

Description

  • Why am I receiving bounceback (NDR) messages, saying that delivery has failed, when the address in the NDR does not exist in Exchange online?
    • These bounceback messages are showing that this is for an Email Scout Report (ESR) message.
    • The error code (status reply) starts with: 550 5.1.10 RESOLVER.ADR.RecipientNotFound

Environment

  • N-able Mail Assure
  • Microsoft 365 - Exchange online

Solution

  • This is due to Exchange Online only rejecting mail to invalid mailboxes, at the end of the DATA command. Not at the RCPT TO command.
    • When Mail Assure is set to not reject mail to mailboxes not in the mailboxes tab, mailboxes are validated in real time against the receiving server.
    • As Microsoft does not reject invalid mailboxes at the RCPT TO command, these technically do exist, so mail is accepted and filtered by Mail Assure.
    • This will trigger any automated reports configured for the domain, causing the NDR when this is delivered.
  • To prevent this behaviour:
    1. Ensure all valid Mailboxes and Mailbox Alias addresses are present in Mail Assure
    2. At domain level, under Mailboxes Configuration, Enable the option to Reject email to mailboxes not listed in the "Mailboxes" tab
      • This will disable recipient callouts to the domain, causing the Mail Assure list of mailboxes to be authoritative.
      • Any mail received to addresses not in this list (it is common for spammers to attempt random addresses) will be rejected by Mail Assure.
  • Important: mail being accepted by the filter (due to a positive response to the RCPT TO command from the receiving MTA), will incur a filtered mailbox charge for each address which a message is received. To ensure that accurate billing is produced, ensure that the option to reject invalid addresses is enabled.