University of Southampton

iSolutions

Suspicious emails bounced back to the sender

This article explains why you might receive suspicious emails marked as "undeliverable" by Microsoft Outlook. It also suggests what you should do in case you receive these suspicious emails.

You can find guidance on standard undeliverable emails in the Microsoft Support article Sent email in Outlook.com comes back "delivery failed".

To know more about keeping your account safe and identifying phishing emails, please visit the Cyber Security web page "Learn more about security".

Reasons why an email comes back as "undeliverable"

There are many reasons why emails may come back marked as undeliverable, though the most frequent ones are:

  1. incorrect email address
  2. issues related to the recipient’s email server
  3. issues related to the sender’s email server – in this case, that server has been added to a blacklist or marked as "spammer"
  4. the email has been blocked by spam filters
  5. someone is trying to send a message spoofing your university email address.

---

Back to the top

 

Overview of suspect emails

You might receive suspect emails that appear to have yourself as the sender. This kind of email can be considered as phishing or scam.

Phishing emails

Phishing emails try to trick you into revealing passwords, or other information about yourself such as bank details. Most of the time you can recognise them by paying attention to warning signs.

To know more about phishing and how to report a phishing email, please read the article "Reporting Phishing or SPAM messages".

Scam emails

A scam email is an unsolicited and fraudulent email sent to trick you into giving away:

  • sensitive information
  • your bank account details
    or
  • payments (most of the time in Bitcoin).

You might receive emails showing a suspicious subject and yourself as the email’s sender. This happens when a hacker tries to trick you acting like they have forced your email address and they can do whatever they want on your behalf.

---

Back to the top

 

How the University protects your account

To protect our university accounts, the University uses an email standard verification protocol called "Domain-based Message Authentication, Reporting & Conformance" (DMARC).

DMARC standard is used in particular to:

  • confirm the sender’s identity (using the Sender Policy Framework and the DomainKeys Identified Mail)
  • ensure the destination email systems trust messages sent from the University’s domain
  • protect our accounts from cybercrime
  • discover fraudulent use of a domain  

What happens when someone tries to spoof your account acting as yourself?

It’s not unusual to receive a notification of a suspicious email marked as undeliverable showing the following information:

  • a suspicious subject 
    and
  • yourself as the email’s sender

Here you can see an example:

Example of bounced email marked as undeliverable
 

This happens when someone tries to send scam emails through the university’s servers. This is a clever way to send scam or spam emails back to users by using their anti-spam protection. As a response, our DMARC:

  1. rejects this kind of email from being sent by our mail servers
  2. generates a report of the attack
  3. alerts the Infrastructure and Cyber Security teams

Check your notification of undeliverable emails

If you are in doubt about a notification of an undeliverable email, you can check at least 5 elements:

  1. The email’s subject: even if the email has been bounced, you can still read the original subject. The example below shows a suspicious "I RECORDED YOU!"
  2. The sender will be Microsoft Outlook (point 2 of the picture below)
  3. The bounced email marked as undeliverable will show the details of the original email and a copy of the message as attachments
  4. A synthetic reason for rejection
  5. The diagnostic information for administrators will show you the number of the server rejected and the description of the rejection (point 5 of the example below: "Access denied, sending domain soton.ac.uk does not pass DMARC verification and has a DMARC policy of reject")  

Bounced email containing 5 parts highlighted with orange rectangles. Every part refers to the 5 points listed above the pictures

---

Back to the top

 

What to do after receiving a suspicious undeliverable email notification

The University’s Infrastructure Services and Cyber Security teams are monitoring these activities and blocking external attacks.

What you can do in these cases is:

  • Ignore or delete these notifications of undeliverable emails
    or
  • Create a rule in Outlook so you can direct them directly to another folder. If you need guidance on creating rules in Outlook, please read the article "Setting up rules in Outlook"

Most of the time hackers attach an account for a couple of days. If they are not successful, they move to another one. 

If you are receiving up to 100 scam emails per day, please raise a ticket to iSolutions

---

Back to the top

 

Related content

Cyber Security

Reporting Phishing or SPAM messages

Using Domain-based Message Authentication, Reporting and Conformance (DMARC) in your organisation - GOV.UK

Was this article helpful?

If you have any further comments, please put them below.

Please note that feedback is anonymous - if you require a reply or assistance, please raise a ticket via ServiceLine.


Thank you for your feedback, it is much appreciated.

Back to List

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×