• Status: Solved
  • Priority: Medium
  • Security: Public

Apparent Email Spoof??

I have a user (Andrew) who uses Outlook over a VPN connection to access our MDAEMON 9 email server.  Every now and then he will receive an email with a new subject line, but upon opening the email the body is an old message that he sent on a previous date/time.  For example, today he received an email from a customer (Lamica) inquiring about hotel reservations for our upcoming users conference. The subject of the email was "Registered for Conference, Las Vegas, but no reservations" and the body of the email read:

Larry, it has been some time since I last communicated with you and wanted to check in to see how your implementation is progressing.

 Please let me know if we can assist, or if you wish to review what we have to offer.

 Best Regards,

 - Andrew


No one else in our organization is experiencing this issue.  I am thinking it's either a virus on his home network or on the sender's network.  I have scanned our company's network and found nothing.

This occurs both with internal emails and emails from the outside.
We are using IMAP 4.
He is connecting through SonicWall VPN.
I backed up his email to a PST, wiped out his email account and re-created an empty mailbox, and he is still having the issue.
The problem is not only in Outlook but on the webmail as well.

Anyone have any clue why this would happen?  Any viruses out there that would cause this?  Any suggestions would be helpful.

Thanks
jyanoff
Asked:
 
darkstar245 Commented:
To further diagnose the issue, do you happen to have a copy of the e-mail headers from the apparent spoofed e-mail?

Maybe if you could post that, along with an actual legitimate e-mail header from an actual e-mail from this client, we could see exactly where the e-mail is coming from?
 
Mohamed Osama, Senior IT Consultant, Commented:
My guess is that this is virus activity on the remote network he sent that mail to. Many mail worms do just that: go through older emails, use them as subject / content, read the address book and send a copy of the worm's binaries to all contacts, attached as a zip file or something.
But to be sure there was an attachment to begin with and that it's originating from that site, we will need to take a look at the headers as darkstar245 mentioned.
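The header comparison requested in the two comments above, as an added example that is not part of the original thread: it reads the `Received` chain of a suspect message and of a known-legitimate one, then reports where the origin hop differs and whether the `Date` header is much older than the first relay time. The sample headers, host names, IP addresses and the `trace`/`compare` helpers are constructed for illustration.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample headers (hypothetical hosts, documentation-range IPs).
KNOWN_GOOD = """\
Received: from mail.customer.example ([192.0.2.10])
    by mx.ourcompany.example with ESMTP; Tue, 03 Mar 2009 10:15:02 -0500
Message-ID: <good-0001@customer.example>
Date: Tue, 03 Mar 2009 10:14:58 -0500
Subject: Earlier legitimate message

"""
SUSPECT = """\
Received: from dsl-host.isp.example ([198.51.100.77])
    by mx.ourcompany.example with ESMTP; Tue, 10 Mar 2009 09:30:11 -0500
Message-ID: <old-1234@ourcompany.example>
Date: Mon, 12 Jan 2009 14:02:40 -0500
Subject: New subject, old body

"""

def trace(raw):
    """Return the relay hops (origin first) and Date header of one message."""
    msg = message_from_string(raw)
    hops = []
    for rcv in reversed(msg.get_all("Received", [])):  # bottom header = first hop
        path, _, stamp = " ".join(rcv.split()).rpartition(";")  # unfold, split time
        host = re.search(r"\bfrom\s+(\S+)", path)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", path)
        hops.append({"from": host.group(1) if host else None,
                     "ip": ip.group(1) if ip else None,
                     "time": parsedate_to_datetime(stamp.strip())})
    return {"date": parsedate_to_datetime(msg["Date"]), "hops": hops}

def compare(suspect, known_good):
    """List the differences worth a closer look between two messages."""
    s, g = trace(suspect), trace(known_good)
    findings = []
    so, go = s["hops"][0], g["hops"][0]
    if (so["from"], so["ip"]) != (go["from"], go["ip"]):
        findings.append(f"origin differs: {so['from']} [{so['ip']}] vs "
                        f"{go['from']} [{go['ip']}]")
    lag = so["time"] - s["date"]           # composed long before it was relayed?
    if lag > timedelta(days=1):
        findings.append(f"Date header is {lag.days} days older than first relay")
    return findings

if __name__ == "__main__":
    for line in compare(SUSPECT, KNOWN_GOOD):
        print(line)
```

Only the `Received` line stamped by your own mail server is trustworthy; anything below it is supplied by the sending side and can be forged.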
 
Mohamed Osama, Senior IT Consultant, Commented:
If you would rather not share your company's email headers since they might contain internal / classified information, then try samspade, which is the #1 utility in email tracing / analysis. The main site is experiencing a problem, but here is an alternate download link at majorgeeks:
http://www.majorgeeks.com/Sam_Spade_d594.html
 
Computer101 Commented:
PAQed with no points refunded (of 500)

Computer101
EE Admin