Solved

Apparent Email Spoof??

Posted on 2006-11-09
Last Modified: 2010-05-18
I have a user (Andrew) who uses Outlook over a VPN connection to access our MDAEMON 9 email server. Every now and then he will receive an email with a new subject line, but upon opening the email the body is an old message that he sent on a previous date/time. For example, today he received an email from a customer (Lamica) inquiring about hotel reservations for our upcoming users conference. The subject of the email was called "Registered for Conference, Las Vegas, but no reservations"; the body of the email read:

Larry, it has been some time since I last communicated with you and wanted to check in to see how your implementation is progressing.

 Please let me know if we can assist, or if you wish to review what we have to offer.

 Best Regards,

 - Andrew


No one else in our organization is experiencing this issue. I am thinking it's either a virus on his home network or on the sender's network. I have scanned our company's network and found nothing.

This occurs both with internal emails and emails from the outside.
We are using IMAP 4.
He is connecting through SonicWall VPN.
I backed up his email to a PST, wiped out his email account and re-created an empty mailbox, and he is still having the issue.
The problem is not only in Outlook but on the webmail as well.

Anyone have any clue why this would happen? Any viruses out there that would cause this? Any suggestions would be helpful.

Thanks
Question by:jyanoff
6 Comments
 
LVL 2

Expert Comment

by:darkstar245
ID: 17910060
To further diagnose the issue, do you happen to have a copy of the e-mail headers from the apparent spoofed e-mail?

Maybe if you could post that, along with an actual legitimate e-mail header from an actual e-mail from this client, we could see exactly where the e-mail is coming from?
0
 
LVL 23

Expert Comment

by:Mohamed Osama
ID: 17912599
My guess is that this is virus activity on the remote network he sent that mail to. Many mail worms do just that: go through older emails, use them as subject/content, read the address book and send a copy to all contacts of the worm's binaries attached as a zip file or something.
But to be sure there was an attachment to begin with and that it's originating from that site, we will need to take a look at the headers, as darkstar245 mentioned.
0
 
LVL 23

Expert Comment

by:Mohamed Osama
ID: 17921669
If you would rather not share your company's email headers since they might contain internal/classified information, then try Sam Spade, which is the #1 utility in email tracing/analysis. The main site is experiencing a problem, but here is an alternate download link at MajorGeeks:
http://www.majorgeeks.com/Sam_Spade_d594.html
0
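The header comparison requested in the comments above can be done locally without posting headers publicly. This is an added example, not code from the thread: the sample headers, domains and IP addresses are constructed, and the function names `summarize` and `compare` are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (documentation domains/IPs), not taken from the thread.
LEGIT = """\
Return-Path: <lamica@customer.example>
Received: from mail.ourco.example (192.0.2.10) by mdaemon.ourco.example; Thu, 9 Nov 2006 10:02:11 -0500
Received: from smtp.customer.example (198.51.100.25) by mail.ourco.example; Thu, 9 Nov 2006 10:02:09 -0500
From: Lamica <lamica@customer.example>
Message-ID: <4553A1.1020@customer.example>
Subject: Registered for Conference

"""
SUSPECT = """\
Return-Path: <bounce@unrelated.example>
Received: from mail.ourco.example (192.0.2.10) by mdaemon.ourco.example; Thu, 9 Nov 2006 11:15:42 -0500
Received: from dsl-host.unrelated.example (203.0.113.77) by mail.ourco.example; Thu, 9 Nov 2006 11:15:40 -0500
From: Lamica <lamica@customer.example>
Message-ID: <000301c7$abc@dsl-host.unrelated.example>
Subject: Registered for Conference

"""

HOP = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+?);")

def summarize(raw):
    msg = message_from_string(raw)
    # Each relay prepends its Received line, so reverse to get origin-first order.
    # Only hops written by your own servers are trustworthy; earlier ones can be forged.
    hops = []
    for h in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(h.split()))
        if m:
            hops.append(m.groups())
    def dom(value):
        return parseaddr(value or "")[1].rpartition("@")[2].lower()
    return {
        "from_domain": dom(msg["From"]),
        "return_path_domain": dom(msg["Return-Path"]),
        "message_id_domain": (msg["Message-ID"] or "").strip("<>").rpartition("@")[2].lower(),
        "origin_host": hops[0][0] if hops else None,
        "origin_ip": hops[0][1] if hops else None,
    }

def compare(suspect_raw, legit_raw):
    """Return {field: (legit_value, suspect_value)} for every field that differs."""
    s, l = summarize(suspect_raw), summarize(legit_raw)
    return {k: (l[k], s[k]) for k in s if s[k] != l[k]}
```

A matching `From` domain combined with a different origin host, Return-Path and Message-ID domain points to a third-party sender; identical values on every field point back at the mail store or client instead.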
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18190648
PAQed with no points refunded (of 500)

Computer101
EE Admin
0
