Users in a FOPE environment receive NDRs when they send mail to a recipient environment that uses the service

Article translations Article translations
Article ID: 2590562 - View products that this article applies to.
Expand all | Collapse all


Users in a Microsoft Forefront Online Protection for Exchange (FOPE) environment receive a non-delivery report (NDR) when they send email messages to a recipient whose messaging environment uses the service for mail security.


This issue occurs if all the following conditions are true:
  • The FOPE outgoing (also known as "outbound") edge servers are listed in the reputation block list. This listing cannot be prevented because of certain kinds of spoofing attacks that can be tried against the FOPE service and our customers.
  • The recipient email environment implemented the service in reject mode instead of in safe mode.
  • The recipient email environment has not added the FOPE outgoing edge server IP addresses to the list of allowed mail senders.
It is very common for FOPE outgoing edge servers to be listed by However, if you have to verify this, follow these steps:
  1. Use the Message Trace feature in the FOPE Administration Center to determine the host name of the outgoing edge server that sent the customer’s mail item. For more information about how to run a message trace, visit the following Microsoft TechNet website:

    Collapse this imageExpand this image
    A screen shot of the Message Trace Summary and Filtering Details
  2. Use the test provided by service to determine if the IP Address is listed as source of SPAM.


Because the cause of the issue is rooted in the service, the resolution must be directed at Backscatterer. Microsoft Online Services does not support services. The following guidance is provided as-is and without any warranty to remedy unexpected mail rejections from recipient environments that use the service as a block list.

To resolve this issue, try one of the following:
  • Contact the recipient email administrator to have the following FOPE outgoing edge server IP addresses added to an allow list to bypass the checks.

  • Contact the recipient email administrator to recommend that he or she implements the service in safe mode, as recommended in the following website:

More information

Backscatter (also known as outscatter, misdirected bounces, blowback, or collateral spam) is the incorrect and automated bounce messages that are sent by mail servers, typically as a side effect of incoming spam. Because FOPE is a spam-filtering service, mail to nonexistent recipients and to other suspicious messages is rejected by our service. When that happens, FOPE generates a new NDR message and delivers it back to the "sender." Because spammers frequently use a forged or invalid "from" address in their messages, the sender address to which the NDR is sent may result in backscatter. When this happens, outgoing servers that are associated with the FOPE network may be listed on the Backscatterer DNS block list (DNSBL).

The Backscatterer DNSBL is a list of IP addresses that send backscatter. It is not a spammer list. According to the instructions on the Backscatterer website, the use of reject mode for all incoming mail is not a recommended configuration or use of that service. It should be used in safe mode to block messages where MAIL FROM is the following:
For more information about the correct configuration, visit the following website:

Microsoft is committed to enabling customers to have a secure email environment that is both spam-free and virus-free. As part of that commitment, FOPE takes many steps to make sure that mail that is filtered through our network does not contain unsolicited commercial messages.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

The information and the solution in this document represents the current view of Microsoft Corporation on these issues as of the date of publication. This solution is available through Microsoft or through a third-party provider. Microsoft does not specifically recommend any third-party provider or third-party solution that this article might describe. There might also be other third-party providers or third-party solutions that this article does not describe. Because Microsoft must respond to changing market conditions, this information should not be interpreted to be a commitment by Microsoft. Microsoft cannot guarantee or endorse the accuracy of any information or of any solution that is presented by Microsoft or by any mentioned third-party provider.

Microsoft makes no warranties and excludes all representations, warranties, and conditions whether express, implied, or statutory. These include but are not limited to representations, warranties, or conditions of title, non-infringement, satisfactory condition, merchantability, and fitness for a particular purpose, with regard to any service, solution, product, or any other materials or information. In no event will Microsoft be liable for any third-party solution that this article mentions.


Article ID: 2590562 - Last Review: September 4, 2013 - Revision: 6.0
Applies to
  • Microsoft Forefront Online Protection for Exchange
vkbportal225 vkbportal230 kbgraphxlink kbgraphic KB2590562

Give Feedback


Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from