
Spoof \ Fake Emails

I've a question about these spoof \ fake emails spammers are sending to our organisation.

We are using Exchange 2003 with no open relays. However, in my junk mailbox sometimes an email appears to be sent from me to someone else internal (although our company disclaimer isn't attached). And sometimes users will get an odd bit of junk mail sent from another user to them.

How do they do this? Do they just put in any "from" address and any "to" address using some sort of client and then just relay through servers they can authenticate with?

Is there anything I need to check?

Hi stevendunne,

You've hit the nail on the head :-)

It's very annoying, but they've spoofed the from: address.

As for what you can do (assuming you're using Outlook):
Open the offending email
View menu > Options
You'll see a load of "Internet Headers"
This explains what mail servers this email has travelled through on its way to you.

Look at the "Received" lines - the bottom one will be the first mail server that this email went through after being sent by the spammer.
These people are likely to be either open relays, or not caring about the behaviour of their email users.  They're the people you should complain to.

If you post the internet headers here, I'll let you know how to go about complaining about it.

The other option is to use a spam filtering service of some sort.

I hope that this helps - let me know if you need any further help.

Complete Guide to Reading Email Headers -

Cert on Spoofing/Forged Emails

Block SPAM with Intelligent Message Filter - Exchange 2k3 Add-on (Free)

Configure Exchange 2003 to check recipients in SMTP protocol

You might read up on the latest variant of the MyDoom virus ... I know a lot of the newer virus types will spoof your domain addresses. If you have good content filtering software you can not only block the attachments but filter based on subject line or by email address. I had an instance with one of the latest MyDoom viruses where my mail gateways were receiving 10-20k emails a day with a spoofed address of mailerdaemon@domainname.com ... the Display name was Message Subsystem or something like that ... I ended up stripping all emails with that particular email address since it was invalid.

Example of what I'm talking about ...

More information regarding Spamming and Spoofing:

Protect Against SPAM Tutorial:

As always nothing beats a solid security model and educating your users. It is important they know not to use their work email addresses to sign up for list servers, forums or any place a harvester could collect their info.


P.S. yes, you are correct - most Spammers will use a server with an open relay and use scripting to generate the From: address based on whatever lists they are using to email. There are general spoofing utilities but for the most part it is scripts sending through an open relay on an SMTP server with basic mail commands.

Your server receives the mail without authenticating because from the internet anonymous is allowed on most SMTP servers. This is by design .... it transfers the email to your or another user's mailbox and gives the appearance that it is from you ... the headers tell the real story ... if you receive a lot of spam, I'd trace it back and notify the spammer's ISP to try and get it shut down.
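
Added example (not part of the original thread): a Python sketch of the header trace the answers describe, which walks the "Received" lines and flags a message whose From: address is internal although it entered from an outside host. The domain `example.org`, the internal range `10.0.0.0/8`, the sample headers and the function names are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

OUR_DOMAIN = "example.org"            # assumption: the organisation's mail domain
INTERNAL = ip_network("10.0.0.0/8")   # assumption: the internal address range

# Constructed sample headers (documentation addresses), not from a real message.
SAMPLE = """\
Received: from mail.example.org ([10.0.0.5]) by exch01.example.org with SMTP;
 Mon, 1 Mar 2004 10:00:05 +0000
Received: from relay.example.net ([203.0.113.77]) by mail.example.org with ESMTP;
 Mon, 1 Mar 2004 10:00:03 +0000
Received: from unknown ([198.51.100.23]) by relay.example.net with SMTP;
 Mon, 1 Mar 2004 09:59:58 +0000
From: "Steven" <steven@example.org>
To: colleague@example.org
Subject: hello

body
"""

HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\).*?by\s+(\S+)", re.S)

def hops(raw):
    """Return (from_host, from_ip, by_host) per Received line, newest first."""
    lines = message_from_string(raw).get_all("Received", [])
    return [m.groups() for m in map(HOP.search, lines) if m]

def analyse(raw, our_domain=OUR_DOMAIN, internal=INTERNAL):
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    from_domain = sender.rpartition("@")[2].lower()
    chain = hops(raw)
    # Bottom-most line: first server named in the chain. The sender can forge
    # every line below the one our own server added, so treat it as a lead only.
    first = chain[-1] if chain else None
    # Newest line stamped by one of our hosts for a connection from outside:
    # this is the hop we can trust, and the address to report or block.
    entry = next((h for h in chain
                  if h[2].lower().endswith("." + our_domain)
                  and ip_address(h[1]) not in internal), None)
    return {"first_hop": first, "entry_hop": entry,
            "internal_from_via_external": from_domain == our_domain and entry is not None}
```

The flag is a heuristic: staff who legitimately send through an outside service with their work address will trigger it too.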
