Track email spoofer

Posted on 2006-05-11
Last Modified: 2010-04-11
One of my users got his email address spoofed and hes getting 25000 reply emails a day re: undeliverable message.  is there an app that can track who or where the spoofed email is coming from?  He is not running any malware, spyware, or viruses locally and exchange is clean.
Question by:bklyngy
    LVL 53

    Expert Comment

    by:Will Szymkowski
    Hello there,

    This might be what your looking for.

    Hope this helps
    LVL 4

    Expert Comment

    so there could be a couple of things happening here:

    1. someone is pretending to be the admin and sending re: undeilverable messages directly to your friend
    2. someone spoofed your friends email address and actually sent an email to a valid isp (but invalid account) and the isp dutifully is reporting back to who it thinks originally sent the message.

    in either case, it may be possible by inspecting the headers of the email. look for the Received: headers. usually the server will attach the original message headers as part of its response. the headers are arranged (top to bottom) in reverse chronological order, i.e. the most recent appears closer to the top.

    maybe if you post what your friend is getting here, i can walk you through one.
    LVL 4

    Accepted Solution

    When you say "Exchange is clean", what exactly does that mean?

    Please understand the value of a compromised mail server.  Spammers search for them constantly.  Now check out Microsoft Security Bulletin MS06-019,  Are you SURE your mail server isn't being used to send the bogus emails?  How long has this been going on?

    My other suggestion, if your mail server for sure ain't the source, is simple, fast, and brute force: abandon the email address.  If it is swamping your mail server, unregister it with your ISP or mail hosting service so that it never reaches your mail server.  You could spend weeks trying to track down a spoofer and almost certainly not succeed.  My solution is real world.  What's your time worth to you?  Kill it, and move on.   Most of us have several emails, one for "public" things like posting here, registering for whitepaper downloads and the like, and others that we actually use in the course of earning a living.
    LVL 32

    Expert Comment

    I agree, tracking down the spoofer will likely not be too productive, unless it turns out that one of your own machines is infected.

    In any case, here are a couple of links that may help:

    Author Comment

    we gave him another email address; stonewall jacoby hit it on the nose

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    Is this error real? 2 33
    Android Security Model 3 43
    I think we have a virus 5 36
    Cisco ACS 3415 - making a bootable USB 3 39
    Email attacks are the most efficient and effective way for cyber criminals and hackers to compromise a computer or network. We often find our-self second guessing the authenticity of an email message, for such instances we can follow practical princ…
    Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now