I have one email address that is receiving hundreds and hundreds of bounced messages daily. At first I thought someone got a hold of his email password and was sending out emails using my SMTP server so I immediately changed his password. This started on a DirectAdmin box running exim. I then changed this domain over to my Zimbra box and set him up there. He was still receiving the bounced messages so I scanned his computer for viruses and he had a couple. I then figured (after much research) that it was an exploit in Outlook that was causing his computer to send out hundreds of spam messages and they were bouncing back to him.

I totally uninstalled Outlook and have him using the web interface for Zimbra and the bounced messages are still happening.

I know think that someone has spoofed his email address (if that is the correct terminology). I think they have configured their client with his email address so when they bounce, they go to him.

I don't know what to do. I came across DKIM and my understanding is that it will tag each email sent with a public key. In the case of a bounced message it would look for that public key and verify it with the server and if the public key is not valid or does not verify then the bounced message will be deleted instead of being sent through to his inbox.

Is this correct? If so...

I've been reading the following tutorial: Guide to Install OpenDKIM for multiple domains with Postfix and Debian

Are there any better ways to combat this?