Email spoofing issue

Posted on 2006-05-10
Last Modified: 2009-02-05
We have an issue with someone apparently sending email to our internal users posing as our actual exchange server. Below is the header of an email. Note that the email looks like it is coming from our mail server ( but the IP address ( is not ours. The email is sent with a from address of one of our internal users and sent to other users in our company. We have relay restrictions on our Exchange server (only allowing the IP address of our Exchange server to relay but does allow any authenticated user to relay), this is set on the Relay restrictions tab of the SMTP virtual server. HELP! We are getting a lot of these type of emails.

Microsoft Mail Internet Headers Version 2.0
Received: from ([]) by with Microsoft SMTPSVC(5.0.2195.6713); Thu, 4 May 2006 08:12:34 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
From: <>
To: <>
Subject: Members Support
Date: Thu, 4 May 2006 19:11:47 +0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
X-Priority: 3
X-MSMail-Priority: Normal
Return-Path: <>
Message-ID: <>
X-OriginalArrivalTime: 04 May 2006 12:12:34.0818 (UTC) FILETIME=[06D57620:01C66F74]
Content-Type: text/html;
Content-Transfer-Encoding: 7bit
Content-Description: warning.htm
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;




Question by:cberinger
    1 Comment
    LVL 31

    Accepted Solution

    It's not easy to stop this kind of thing.  Since they are using your own SMTP domain, it isn't technically relaying.  You could try enforcing SPF lookups (after creating your own SPF record, of course), but then you would without doubt lose many genuine emails.  I would be inclined to 'ride it out', and see if it stops.  If not, then a spam filter should stop most of the junk mail.  If you use E2003 SP2, then I find that the built-in IMF is quite good.  Mind you, many other people don't like it.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Live - One-on-One Exchange Help from Top Experts

    Solve your toughest problems, fast.
    Exchange experts are online now and ready to help you.

    Suggested Solutions

    Set up iPhone and iPad email signatures to always send in high-quality HTML with this step-by step guide.
    Set OWA language and time zone in Exchange for individuals, all users or per database.
    In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
    This video discusses moving either the default database or any database to a new volume.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now