Have you ever seen messages from Mail Delivery Subsystem, or “mailer-daemon,” in your inbox?  If you have, you have likely seen a LOT of them — from dozens to even hundreds!  So what are these messages, why are you getting them, and is there anything to be worried about?




So, the “mailer-daemon” (pronounced “male-er day-mun”) is another name for the response system in an email server.  It is not a person – just a computer.  When a message is received by a mail server, the server checks the address to see if it exists on that server.  If the address does exist there, it will deliver the message to that person’s mailbox on the server.  However, if the address does not exist on that server, the message cannot be delivered and must instead be returned to the sender.  That return message will be from “mailer-daemon”.




“Okay, I get that, but why am I getting them??”


Let’s turn our attention to how spammers operate.  Spam systems collect any addresses they can from emails they scan, data they mine or buy, and emails they get through websites they control, so they have hundreds or thousands of email addresses in a database.  Those are the addresses they will send their spam emails.  The problem is many of those addresses may be old, misspelled, or completely made up by the user, so the spam system is unknowingly sending many of its spam messages to email addresses that are not valid.   Each of those invalid addresses will generate a “mailer-daemon” message back to the spam sender.



“That makes sense, but why are they coming to ME instead of going back to the spammer??”


The spam systems use another trick when they send their spam emails.  They never use their “real” address when they send their spam.  They randomly pick one of the addresses in the list of addresses they’ve collected and use one of them for every spam blast.  That way, any returned messages go back to that person instead of to them!  It just so happened that YOUR address (which must be in their list) was used as the “sender” for that round of spamming.  That’s why all of the returned messages were sent to you.



“So, what do I do about it??”


Getting these “mailer-daemon” messages means the spam email has already been sent.  Servers vary in the length of time for which they continue to try delivering the message before returning it to the sender, so you may receive these “mailer-daemon” messages for up to four days before they stop.  These messages are not dangerous – you can just delete them.



“And that’s it??”


Hopefully, yes.  IF the “mailer-daemon” messages do not subside after four days — if they continue coming in or even get worse, that means there is likely something going on to perpetuate this cycle.  Basically, we would suspect that either your computer has an infection or your email password has been compromised as something is continuing to use your email for spamming.

So, at that point, you would want to run your anti-virus program on any devices (laptop, desktop, android device) that uses that email address to clean any infections, malware, viruses, etc. off of it.  Once that is done, call TCC and we’ll change your email password so any spam systems that have your current password will no longer have the access to your account.  This can only be done after you scan your computer as a malware program could simply get your new password as soon as you type it in.

THEN, you should be in the clear.  Again, you will probably see those “mailer-daemon” messages for a couple more days while servers finish delivering or rejecting the spam messages, but then it should be gone for good.


“Now my email won’t send!  I’m getting a “554” error message!”


Being unable to send email – and getting a “554 error message – is a result of having some type of infection or password breach that caused your email to be used by some outside entity.  If your account is actually used to try to send spam – through TCC’s email server – our filtering will eventually shut it down and put a lock on your account so you cannot send until the situation is resolved.  That lock typically generates a “554” error message.

At this point, the anti-virus scan and password change is required to reopen your email as we have to contact the mail server administrator to unlock your account and they will only do that if they are reasonably certain that the server will be safe from being used for spam.


“So, is that it??”


Yes, that *should* be the last of the “mailer-daemon”, spam, and “554” error issues.  Just be careful what you click on and download, messages that ask you to click a link or provide information, and having passwords on your account that might be easy for a spam system to guess.


If you have any further questions, please contact TCC at info@tccpro.net and we’ll be glad to help!!