I am trying to see if I have something in my Exchange Server that is sending internal Spam. I keep getting junk messages that appear to be coming from inside my organization. I cannot add the sender to the blocked sender list because supposedly they are internal. Not many just one or two every week or so. While looking around inside the Exchange System Manager, more specifically: Exchange System Manager>Domain>Servers>First Storage Group>Mailbox Store (Server)>Mailboxes I have a table listing my users, who logged them in, mailbox size, etc. Most of the users are listed as being last logged in by themselves (Domain\User1, Domain\User2, etc.) However, one of them is being shown as last logged in by "NT Authority\System." What does that mean? I am asking for two reasons, 1) it is different from all the others and 2) it happens to be one of the addresses affected by the periodic spam. If I am barking up the wrong tree what else should I be looking at?