There isn't a lot you can do about it if your exchange server is responding to SMTP request from the outside world. Even though your users are using [log in to unmask] to respond to emails, the exchange server's MX record has to be registered to received email from the outside and this maybe one source that spammers are using. One way to curtail this problem is to install some sort of a SPAM filter between your exchange server and the outside world where the outside world talks to the spam filter and only the spam filter talks to your exchange server. Firm. -----Original Message----- From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Al Puzzuoli Sent: Monday, September 15, 2008 12:32 PM To: [log in to unmask] Subject: [MSUNAG] Spam referring to internal departmental addresses? We seem to be getting a lot of spam messages in the form of fake NDRs, most of Which involve our internal [log in to unmask] addresses. The interesting thing is that our exchange server has always been configured such that outgoing message headers show as being from [log in to unmask] The internal departmental address info shouldn't be getting exposed at all as far as I can tell; but yet, NDRs directed to [log in to unmask] addresses keep coming. What might I be missing here? Thanks, Al Puzzuoli Information Technologist Resource Center for Persons with Disabilities 517-884-1915 120 Bessey Hall East Lansing, MI 48824-1033 http://www.rcpd.msu.edu