

Spoof \ Fake Emails

Posted on 2004-08-26
Medium Priority
Last Modified: 2012-06-27
I've a question about these spoof \ fake emails spammers are sending to our organisation.

We are using Exchange 2003 with no open relays. However, in my junk mailbox sometimes an email appears to be sent from me to someone else internal (although our company disclaimer isn't attached). And sometimes users will get an odd bit of junk mail sent from another user to them.

How do they do this? Do they just put in any "from" address and any "to" address using some sort of client and then just relay through servers they can authenticate with?

Is there anything I need to check?

Question by:stevendunne
LVL 15

Expert Comment

ID: 11904134
Hi stevendunne,

You've hit the nail on the head :-)

It's very annoying, but they've spoofed the from: address.

As for what you can do (assuming you're using Outlook):
Open the offending email
View menu > Options
You'll see a load of "Internet Headers"
This explains what mail servers this email has travelled through on its way to you.

Look at the "Received" lines - the bottom one will be the first mail server that this email went through after being sent by the spammer.
These people are likely to be either open relays, or not caring about the behaviour of their email users.  They're the people you should complain to.

If you post the internet headers here, I'll let you know how to go about complaining about it.

The other option is to use a spam filtering service of some sort.

I hope that this helps - let me know if you need any further help.
LVL 12

Expert Comment

ID: 11909103

Complete Guide to Reading Email Headers -

Cert on Spoofing/Forged Emails

Block SPAM with Intelligent Message Filter - Exchange 2k3 Add-on (Free)

Configure Exchange 2003 to check recipients in SMTP protocol

You might read up on the latest variant of the MyDoom virus ... I know a lot of the newer virus types will spoof your domain addresses. If you have good content filtering software you can not only block the attachments but filter based on subject line or by email address. I had an instance with one of the latest MyDoom viruses where my mail gateways were receiving 10-20k emails a day with a spoofed address of mailerdaemon@domainname.com ... the Display name was Message Subsystem or something like that ... I ended up stripping all emails with that particular email address since it was invalid.

Example of what I'm talking about ...

More information regarding Spamming and Spoofing:

Protect Against SPAM Tutorial:

As always nothing beats a solid security model and educating your users. It is important they know not to use their work email addresses to sign up for list servers, forums or any place a harvester could collect their info.

LVL 12

Accepted Solution

BNettles73 earned 1050 total points
ID: 11909218

P.S. yes, you are correct - most Spammers will use a server with an open relay and use scripting to generate the From: address based on whatever lists they are using to email. There are general spoofing utilities but for the most part it is scripts sending through an open relay on an SMTP server with basic mail commands.

Your server receives the mail without authenticating because from the internet anonymous is allowed on most SMTP servers. This is by design .... it transfers the email to your or another user's mailbox and gives the appearance that it is from you ... the headers tell the real story ... if you receive a lot of spam, I'd trace it back and notify the spammer's ISP to try and get it shut down.
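
The header check described in the answers above (read the "Received" lines from the bottom up, because "the headers tell the real story"), as an added example that is not part of the original thread. It rebuilds the hop chain and flags a message whose From: claims the internal domain although one of our own servers accepted it from an outside host; the sample message, the domain `example.com` and the function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every host, address and IP below is made up.
SAMPLE = """\
Received: from mailgw.example.com (10.0.0.5) by exch01.example.com;
 Thu, 26 Aug 2004 10:15:03 +0100
Received: from relay.isp.invalid (relay.isp.invalid [203.0.113.25])
 by mailgw.example.com; Thu, 26 Aug 2004 10:15:01 +0100
Received: from unknown (HELO pc) (198.51.100.77)
 by relay.isp.invalid; Thu, 26 Aug 2004 09:14:58 +0000
From: "A User" <user@example.com>
To: colleague@example.com
Subject: hello

body
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+([^\s;]+)", re.S)
IP = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def in_domain(host, domain):
    host = host.lower()
    return host == domain or host.endswith("." + domain)

def received_chain(raw):
    """Hops oldest-first as (from_host, by_host, first_ip_or_None)."""
    hops = []
    # Each server prepends its own line, so the bottom header is the first hop.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m, ip = HOP.search(value), IP.search(value)
        if m:
            hops.append((m.group(1), m.group(2), ip.group(0) if ip else None))
    return hops

def spoof_report(raw, our_domain):
    """Flag mail with an internal From: that our servers accepted from outside."""
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    hops = received_chain(raw)
    # Only lines stamped by our own servers are trustworthy; anything below
    # the entry hop was written by outside hosts and can itself be forged.
    entry = next((h for h in hops if in_domain(h[1], our_domain)
                  and not in_domain(h[0], our_domain)), None)
    internal_from = in_domain(sender.rpartition("@")[2], our_domain)
    return {"claimed_origin": hops[0] if hops else None,
            "entry_hop": entry,
            "suspect": internal_from and entry is not None}
```

The `entry_hop` IP is the one recorded by your own gateway, so it is the address to look up when reporting the message to the sending network.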



Question has a verified solution.
