

Track email spoofer

One of my users got his email address spoofed and he's getting 25000 reply emails a day re: undeliverable message.  Is there an app that can track who or where the spoofed email is coming from?  He is not running any malware, spyware, or viruses locally and exchange is clean.
1 Solution
Will Szymkowski, Senior Solution Architect, Commented:
Hello there,

This might be what you're looking for.


Hope this helps
so there could be a couple of things happening here:

1. someone is pretending to be the admin and sending re: undeliverable messages directly to your friend
2. someone spoofed your friend's email address and actually sent an email to a valid isp (but invalid account) and the isp dutifully is reporting back to who it thinks originally sent the message.

in either case, it may be possible by inspecting the headers of the email. look for the Received: headers. usually the server will attach the original message headers as part of its response. the headers are arranged (top to bottom) in reverse chronological order, i.e. the most recent appears closer to the top.

maybe if you post what your friend is getting here, i can walk you through one.
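
The Received: walk described in the comment above, as an added example that is not part of the original thread: it pulls the original headers out of a bounce, lists the hops oldest-first, and reports the IP that handed the message to the bouncing server so it can be compared with your own mail server's address. The sample bounce, all hostnames and IPs, and the "from NAME (rdns [IP]) by HOST" Received layout are assumptions; real servers format this line in several ways.

```python
import email
import re
from email import policy

# Constructed sample bounce: every host and address is made up. The bouncing
# ISP attached the headers of the message it could not deliver.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@isp.example
Subject: Undeliverable: hello
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/rfc822-headers

Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.isp.example with ESMTP; Mon, 05 Jun 2006 10:00:03 -0400
Received: from pc (unknown [203.0.113.45])
\tby relay.example.net with SMTP; Mon, 05 Jun 2006 10:00:01 -0400
From: user@victim.example
Subject: hello

--b1--
"""

HOP_RE = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def original_headers(bounce_text):
    """Find the original message's headers inside a bounce, or None."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def received_chain(bounce_text):
    """Hops oldest-first as (claimed_name, peer_ip, recording_server)."""
    orig = original_headers(bounce_text)
    hops = []
    # Received lines are stored newest-first; reverse for chronological order.
    for value in reversed(orig.get_all("Received", []) if orig else []):
        m = HOP_RE.search(str(value))
        hops.append(m.groups() if m else (None, None, None))
    return hops

def handoff_ip(hops, bouncing_server):
    """Peer IP logged by the server that bounced the mail. Older hops were
    written by machines the sender may control, so they can be forged."""
    return next((ip for _, ip, by in hops if by == bouncing_server), None)
```

If the IP returned by `handoff_ip` is one of your own outbound mail servers, the messages are leaving through your infrastructure rather than being spoofed from elsewhere.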
When you say "Exchange is clean", what exactly does that mean?

Please understand the value of a compromised mail server.  Spammers search for them constantly.  Now check out Microsoft Security Bulletin MS06-019, http://www.microsoft.com/technet/security/bulletin/MS06-019.mspx.  Are you SURE your mail server isn't being used to send the bogus emails?  How long has this been going on?

My other suggestion, if your mail server for sure ain't the source, is simple, fast, and brute force: abandon the email address.  If it is swamping your mail server, unregister it with your ISP or mail hosting service so that it never reaches your mail server.  You could spend weeks trying to track down a spoofer and almost certainly not succeed.  My solution is real world.  What's your time worth to you?  Kill it, and move on.   Most of us have several emails, one for "public" things like posting here, registering for whitepaper downloads and the like, and others that we actually use in the course of earning a living.
I agree, tracking down the spoofer will likely not be too productive, unless it turns out that one of your own machines is infected.

In any case, here are a couple of links that may help:

bklyngyAuthor Commented:
we gave him another email address; stonewall jacoby hit it on the nose
