

Spoof \ Fake Emails

Posted on 2004-08-26
Medium Priority
Last Modified: 2012-06-27
I've a question about these spoof \ fake emails spammers are sending to our organisation.

We are using Exchange 2003 with no open relays. However, in my junk mailbox an email sometimes appears to be sent from me to someone else internal (although our company disclaimer isn't attached), and sometimes users will get an odd bit of junk mail sent from another user to them.

How do they do this? Do they just put in any "from" address and any "to" address using some sort of client and then just relay through servers they can authenticate with?

Is there anything I need to check?

Question by:stevendunne
  • 2
LVL 15

Expert Comment

ID: 11904134
Hi stevendunne,

You've hit the nail on the head :-)

It's very annoying, but they've spoofed the from: address.

As for what you can do (assuming you're using Outlook):
Open the offending email
View menu > Options
You'll see a load of "Internet Headers"
This explains what mail servers this email has travelled through on its way to you.

Look at the "Received" lines - the bottom one will be the first mail server that this email went through after being sent by the spammer.
These people are likely to be either open relays, or not caring about the behaviour of their email users.  They're the people you should complain to.

If you post the internet headers here, I'll let you know how to go about complaining about it.

The other option is to use a spam filtering service of some sort.

I hope that this helps - let me know if you need any further help.
LVL 12

Expert Comment

ID: 11909103

Complete Guide to Reading Email Headers -

Cert on Spoofing/Forged Emails

Block SPAM with Intelligent Message Filter - Exchange 2k3 Add-on (Free)

Configure Exchange 2003 to check recipients in SMTP protocol

You might read up on the latest variant of the MyDoom virus ... I know a lot of the newer virus types will spoof your domain addresses. If you have good content filtering software you can not only block the attachments but filter based on subject line or by email address. I had an instance with one of the latest MyDoom virus where my mail gateways were receiving 10-20k emails a day with a spoofed address of mailerdaemon@domainname.com ... the Display name was Message Subsystem or something like that ... I ended up stripping all emails with that particular email address since it was invalid.

Example of what I'm talking about ...

More information regarding Spamming and Spoofing:

Protect Against SPAM Tutorial:

As always nothing beats a solid security model and educating your users. It is important they know not to use their work email addresses to sign up for list servers, forums or any place a harvester could collect their info.

LVL 12

Accepted Solution

BNettles73 earned 1050 total points
ID: 11909218

P.S. yes, you are correct - most Spammers will use a server with an open relay and use scripting to generate the From: address based on whatever lists they are using to email. There are general spoofing utilities but for the most part it is scripts sending through an open relay on an SMTP server with basic mail commands.

Your server receives the mail without authenticating because from the internet anonymous is allowed on most SMTP servers. This is by design .... it transfers the email to your or another user's mailbox and gives the appearance that it is from you ... the headers tell the real story ... if you receive a lot of spam, I'd trace it back and notify the spammer's ISP to try and get it shut down.
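Added example (not part of the original thread or any poster's code): the Received lines read bottom-up, as the answers above describe, with a check for mail that claims an internal From: address but was handed to our servers from outside. The message, host names, IP addresses, `OUR_DOMAIN` and `OUR_NETS` are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Constructed sample (not from the thread); names and IPs are reserved documentation values.
RAW = """\
Received: from mail.example.com ([192.0.2.10]) by exch01.corp.example.com; Thu, 26 Aug 2004 10:02:11 +0100
Received: from relay.isp.example.net ([198.51.100.7]) by mail.example.com; Thu, 26 Aug 2004 10:02:09 +0100
Received: from unknown (HELO pc) ([203.0.113.55]) by relay.isp.example.net; Thu, 26 Aug 2004 09:02:05 +0000
From: "Steven" <steven@example.com>
To: colleague@example.com
Subject: constructed sample

body
"""
OUR_DOMAIN = "example.com"               # assumption: the organisation's mail domain
OUR_NETS = [ip_network("192.0.2.0/24")]  # assumption: range of our own mail servers

HOP = re.compile(r"from\s+(\S+).*?\[([\d.]+)\].*?\bby\s+([^\s;]+)", re.S)

def hops(msg):
    """Return (from_name, from_ip, by_host) per Received line, oldest hop first."""
    found = (HOP.search(v) for v in reversed(msg.get_all("Received", [])))
    return [m.groups() for m in found if m]

def is_ours(ip):
    try:
        return any(ip_address(ip) in net for net in OUR_NETS)
    except ValueError:  # malformed address in a header: treat as external
        return False

def entry_hop(msg):
    """Oldest hop received by one of our hosts. Lines below it were written
    by servers we do not control and can be forged by the sender."""
    for hop in hops(msg):
        if hop[2] == OUR_DOMAIN or hop[2].endswith("." + OUR_DOMAIN):
            return hop
    return None

def spoofed_internal_sender(msg):
    """True when From: uses our domain but the mail entered from an outside IP."""
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    entry = entry_hop(msg)
    return domain == OUR_DOMAIN and entry is not None and not is_ours(entry[1])

MSG = message_from_string(RAW)
for name, ip, by in hops(MSG):
    print(f"{name} [{ip}] -> {by}")
print("spoofed internal sender:", spoofed_internal_sender(MSG))
```

The IP address recorded in the entry hop is the one written by a server you control, so it is the value to use when reporting the message to the sending network.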

