
Am I being spoofed???

Asked by menendeza in OS Security
Sorry if this question does not belong to this forum. Please let me know if this is the case to make sure I'll go to the right place next time.

Today I received a bunch of alerts and emails from an IP address that is not part of our WAN or anything. I'm including the headers of a couple of them below. On the line that says "received: from domain.org" it shows an IP address that is not mine. Is that how I can tell that somebody is spoofing our domain? If so, anything that I can do to prevent this?

Example one:
Microsoft Mail Internet Headers Version 2.0
X-MimeOLE: Produced By Microsoft Exchange V6.5
Received: from mail2.domain.org ([172.16.64.18]) by crmail.domain.local with Microsoft SMTPSVC(6.0.3790.1830); Thu, 14 Dec 2006 14:28:34 -0700
Received: from domain.org ([71.32.62.144]) by mail2.domain.org with Microsoft SMTPSVC(6.0.3790.1830); Thu, 14 Dec 2006 14:27:48 -0700
From: <user.contreras@domain.org>
To: <user.musser@domain.org>
Subject: Mail Delivery (failure user.musser@domain.org)
Date: Thu, 14 Dec 2006 14:27:48 -0700
MIME-Version: 1.0
Content-Type: multipart/related;
            type="multipart/alternative";
            boundary="----=_NextPart_000_001B_01C0CA80.6B015D10"
X-Priority: 3
X-MSMail-Priority: Normal
Return-Path: <user.contreras@domain.org>
Message-ID: <SROWA2134IpLcEcLsXJ00001630@mail2.cplc.org>
X-OriginalArrivalTime: 14 Dec 2006 21:27:49.0098 (UTC) FILETIME=[B4392CA0:01C71FC6]


Example 2

Microsoft Mail Internet Headers Version 2.0
X-MimeOLE: Produced By Microsoft Exchange V6.5
Received: from mail2.domain.org ([172.16.64.18]) by crmail.domain.local with Microsoft SMTPSVC(6.0.3790.1830); Thu, 14 Dec 2006 13:58:26 -0700
Received: from domain.org ([71.32.62.144]) by mail2.domain.org with Microsoft SMTPSVC(6.0.3790.1830); Thu, 14 Dec 2006 13:58:13 -0700
From: <user.candelaria@anotherdomain.org>
To: <user.gallardo@domain.org>
Subject: I cannot forget you!
Date: Thu, 14 Dec 2006 13:58:17 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
            boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
Return-Path: <user.candelaria@anotherdomain.org>
Message-ID: <SROWA2oPXCFbN4TZyab00001325@mail2.domain.org>
X-OriginalArrivalTime: 14 Dec 2006 20:58:13.0905 (UTC) FILETIME=[92203810:01C71FC2]

I can provide more information if needed. Thanks!
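
Added example, not part of the original post: in a Microsoft SMTPSVC `Received:` line, the name after `from` is what the connecting client announced and the bracketed address is the IP the receiving server recorded for it. The sketch below parses those lines and flags a hop where one of the organization's own servers accepted mail from an untrusted address that announced itself under the organization's own domain. `OWN_DOMAINS` and `TRUSTED_NETS` are assumptions chosen to match the sample headers, and the sample is constructed from Example one.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: Received/From/To/Subject lines copied from Example one.
SAMPLE = """\
Received: from mail2.domain.org ([172.16.64.18]) by crmail.domain.local with Microsoft SMTPSVC(6.0.3790.1830); Thu, 14 Dec 2006 14:28:34 -0700
Received: from domain.org ([71.32.62.144]) by mail2.domain.org with Microsoft SMTPSVC(6.0.3790.1830); Thu, 14 Dec 2006 14:27:48 -0700
From: <user.contreras@domain.org>
To: <user.musser@domain.org>
Subject: Mail Delivery (failure user.musser@domain.org)

"""

# Assumptions (not stated on the page): which names and networks are "ours".
OWN_DOMAINS = ("domain.org", "domain.local")
TRUSTED_NETS = [ipaddress.ip_network("172.16.0.0/12")]

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>\S+)")

def is_own(name):
    """True if the host name is one of our domains or a host inside one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in OWN_DOMAINS)

def parse_hops(raw_headers):
    """Return Received hops oldest-first as dicts with helo, ip and by."""
    msg = message_from_string(raw_headers)
    hops = []
    # Each server prepends its own line, so the last header is the oldest hop.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append({"helo": m["helo"], "by": m["by"],
                         "ip": ipaddress.ip_address(m["ip"])})
    return hops

def suspicious_hops(raw_headers):
    """Hops where our server took mail from an untrusted IP whose announced
    name claimed to be inside our own domain."""
    flagged = []
    for hop in parse_hops(raw_headers):
        trusted = any(hop["ip"] in net for net in TRUSTED_NETS)
        if is_own(hop["by"]) and is_own(hop["helo"]) and not trusted:
            flagged.append(hop)
    return flagged

if __name__ == "__main__":
    for hop in suspicious_hops(SAMPLE):
        print(f"{hop['by']} accepted mail from {hop['ip']} announcing {hop['helo']}")
```

Only the line written by your own server is reliable evidence; any `Received:` lines below the first trusted hop are supplied by the sender and can be forged.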


ASKER CERTIFIED SOLUTION
Chatable
