+ 0 Votes stonehillgroup Churdoo 6 years ago is stonehillgroup.com an email domain in your own exchange organization? If so, these could be NDR's generated by your own exchange server from emails that are sent inbound to random users that don't exist at your own org, if that makes sense. By default, Exchange accepts inbound mail for any valid or invalid user of email domains for which it's authoritative; once it receives the message and an AD lookup indicates that the user does not exist in the org, Exchange generates an NDR and attempts to send it to the sender. A common practice of spammers is to generate random or common email addresses for a given domain, hoping to get some of their spam delivered. Since the sender of the original email is typically spoofed, the NDR's can't be delivered, they just build up until their retry time has expired. If this is the case, you could turn on Recipient filtering (in global settings / message delivery properties AND your SMTP virtual server / IP Addresses / Advanced), but this may allow the spammers to figure out valid versus invalid email addys. Enabling this changes the message returned to the sending SMTP server during the initial delivery attempt of the inbound spam, and could allow the spammers to figure out valid email addys.