Solved

Incorrect user receiving mail

Posted on 2005-05-17
Last Modified: 2010-08-05
Our company has recently been the victim of massive SPAM attacks.  We have implemented GFI's SPAM filters and it is working fairly well; however, some users are receiving messages that, according to the header of the message, are addressed to someone else in the company.  For example, a legitimate user (user1@ourdomain.com) receives a message which according to the header is addressed to legitimate user user2@ourdomain.com.  How can Exchange deliver a message to the wrong user?  Is it possible to hide something in the header which I cannot see in Outlook?  We are not experiencing any other issues with Exchange.  Any ideas???

Platform:
Exchange 2003 Std.
Windows 2003 Std.
Question by:JasonDecker
6 Comments
 
LVL 24

Expert Comment

by:flyguybob
ID: 14020656
The BCC field can be used extensively.  I can send a message to john@company.com, BCC it to jane@othercompany.com and jane can receive it, looking like it was originally intended for john@company.com.  I can also do this to send messages to a group of folks.

http://www.ietf.org/rfc/rfc2821.txt  SMTP RFC - See section 7.2 regarding Blind Copies.
0
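The envelope-versus-header distinction described in the answer above, as an added example that is not part of the original thread: SMTP delivers to the envelope recipient (RCPT TO), while Outlook shows the To: header the sender wrote. The sketch assumes the receiving server records the optional `for <address>` clause in its Received header; the sample message, host names and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: the SMTP envelope (RCPT TO) named user1, but the
# To: header written by the sender names only user2.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.ourdomain.com with ESMTP id ABC123
\tfor <user1@ourdomain.com>; Tue, 17 May 2005 09:14:02 -0400
From: "Sender" <sender@example.net>
To: user2@ourdomain.com
Subject: constructed test message

body
"""

# Matches the optional "for <addr>" clause a relay may add to Received.
FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.IGNORECASE)


def header_recipients(msg):
    """Addresses the sender chose to display in To: and Cc:."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}


def envelope_recipients(msg):
    """Addresses recorded by relays in the Received 'for' clause."""
    found = set()
    for received in msg.get_all("Received", []):
        found.update(a.lower() for a in FOR_CLAUSE.findall(received))
    return found


def blind_recipients(raw):
    """Envelope recipients that appear in no visible recipient header."""
    msg = message_from_string(raw)
    return sorted(envelope_recipients(msg) - header_recipients(msg))


if __name__ == "__main__":
    # A non-empty result means the message was delivered to someone the
    # visible headers never mention (BCC-style delivery).
    print(blind_recipients(SAMPLE))
```

A message with no `for` clause yields an empty result, so an empty list means "no evidence", not "no blind recipients".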
 

Author Comment

by:JasonDecker
ID: 14027152
Didn't think about that, I never really paid attention to a header in a BCC.  So, it appears the spammers are sending a single email to our domain to an invalid user and BCC'ing many more.  Nice trick.  Any ideas on how to stop this?  I have in place GFI MailEssentials SPAM filter and it is catching thousands of these messages but hundreds are still getting through.  What can we do?

BTW, I will accept your previous answer, and if you are able to continue this thread and help me get further I will also up the points since this is really a new question.  If you don't have any additional info just comment and I will accept and close.  Thanks...

0
 
LVL 24

Accepted Solution

by:
flyguybob earned 1400 total points
ID: 14027507
I have a similar thread going on in another question.
Many companies I know of are starting to implement Ironport devices.  Though, for a smaller business, they come with a steep price tag.

As for how to stop this...  Beyond what you are already doing, no.  GFI is a good product for the price.  It takes a bit of tweaking.  It might be possible to contact their tech support to get some help implementing the RBL feature.  There is also a URLBL feature that was recently released.  Both of those may help tighten the noose just a little...but it may also filter some legitimate mail as well.

How to configure connection filtering to use Realtime Block Lists (RBLs) and how to configure recipient filtering in Exchange 2003
http://support.microsoft.com/default.aspx/kb/823866 

http://www.petri.co.il/block_spam_with_exchange_2003.htm  (Using 3rd party software section)
0

Author Comment

by:JasonDecker
ID: 14027732
Thanks for your help.  I have tried to avoid some of the BL stuff 'cuz it can be a bit of an admin headache.  I guess I will have to go there :-(  Thanks again...
0
 
LVL 24

Expert Comment

by:flyguybob
ID: 14028266
Yes, the BL stuff can be a bit of a headache...
0
 
LVL 24

Expert Comment

by:flyguybob
ID: 14028273
...but so can Spam.

You may want to talk to them regarding the URL BL stuff.
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question