Undeliverable email that we didn't send. "Your IP is NATting for an infected computer or participating in a botnet"
One of our users has recently started getting "Undeliverable Email" sent back to her, all of it spam email that she did not send. It has not passed through our Exchange server at all, and the header info all shows outside IP addresses...except for the return address, which is her email address user@domain.com. Around the same time, our IP address has started showing up on CBL, Spamhaus, Spamcop, etc...and is being blocked. I've repeatedly tried to remove our IP from the spam lists, but it shows back up within a day or two. I have scanned all servers and all users' computers with up-to-date virus scanning utilities, none of them are infected. It appears that this is completely an outside job, but is somehow bouncing off of us or relaying off of us. I have tested our IP at http://www.abuse.net/relay.html, and we are not set up as an Open Relay. I have done plenty of research online, and have found that everything from Send/Receive Connectors not being set up right...to our ISP not having the correct Reverse DNS listings for us can cause this problem? We did recently change DNS Hosts, and the Reverse DNS Pointers were not set up correctly at first...not sure if this would have anything to do with it at all. Any ideas at all? I'm completely stumped on this one.
April 30th, 2008 11:29pm

Hi, first issue should not get you black-listed. This happens because the user's e-mail is spoofed by a spammer. Not much you can do about that. Have you tried to find out why you are being black-listed - that information might be helpful. Leif
May 1st, 2008 12:27am

On CBL, it specifically says this: ATTENTION: This IP is infected with, or NATting for a computer infected with a high volume spam sending trojan - it is participating in a botnet. You need to patch your system and then fix/remove the trojan. Do this before delisting, or you're most likely to be listed again almost immediately.
May 1st, 2008 1:25am

Like I said though, it may be spoofing that user's email address...thus she is getting the Undeliverables, but it also seems to be spoofing or bouncing off of our IP address, since we are getting black-listed.
May 1st, 2008 6:42pm
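
The header check discussed in this thread, as an added example that is not part of any poster's message: it reads the headers of the spam returned inside an "Undeliverable" notice and reports whether any Received hop falls in the organization's public address space or whether only the return address points at it. It addresses only the bounce question, not the blocklist listing. The 203.0.113.0/24 range, the host names and both sample messages are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: documentation range standing in for the organization's public IPs.
OUR_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hops_from_our_network(raw_headers):
    """Return the Received-header IPs (as strings) that belong to OUR_NETS."""
    msg = message_from_string(raw_headers)
    found = []
    for received in msg.get_all("Received", []):
        for text in BRACKETED_IP.findall(received):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed text that is not a valid IPv4 address
            if any(ip in net for net in OUR_NETS):
                found.append(str(ip))
    return found

def classify(raw_headers):
    """'sent-via-our-ip' if a hop is ours, else 'backscatter' (sender spoofed)."""
    return "sent-via-our-ip" if hops_from_our_network(raw_headers) else "backscatter"

# Constructed sample: our user's address as sender, but every hop is external.
SPOOFED = (
    "Return-Path: <user@domain.com>\n"
    "Received: from mail.example.net (mail.example.net [198.51.100.7])\n"
    "\tby mx.example.org with ESMTP; Wed, 30 Apr 2008 10:00:00 -0400\n"
    "Received: from unknown (HELO pc) ([192.0.2.44])\n"
    "\tby mail.example.net with SMTP; Wed, 30 Apr 2008 09:59:58 -0400\n"
    "From: user@domain.com\n"
    "Subject: constructed sample\n\nbody\n"
)

# Constructed sample: the first hop is an address inside OUR_NETS.
VIA_US = (
    "Return-Path: <user@domain.com>\n"
    "Received: from gw.domain.com (gw.domain.com [203.0.113.10])\n"
    "\tby mx.example.org with ESMTP; Wed, 30 Apr 2008 10:05:00 -0400\n"
    "From: user@domain.com\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    for name, sample in (("SPOOFED", SPOOFED), ("VIA_US", VIA_US)):
        print(name, classify(sample), hops_from_our_network(sample))
```

Received lines below the topmost one are written by servers you do not control and can be forged, so treat a match as a reason to check your own gateway and firewall logs rather than as proof.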

This topic is archived. No further replies will be accepted.
