Nyko333

email / security tracing an e-mail

Hello experts,

I think this question really needs some serious expertise. Here’s the configuration:
Setting: Public School up North.
OS: Win Server 2003
School district application: MS Exchange
Clients: MS Outlook

A few employees are receiving targeted e-mails. These e-mails are not like the regular spam (even though they may fall into this category) since they address very specific information about the employees’ private life and other personal information. The “spammer” is knowledgeable enough to impersonate the user’s own email address. In clear, the spammer uses the employee’s own email address, i.e. janedoe@example.net, to send nasty e-mails to other employees.
Assuming that this spammer is an actual employee of the district, is there any way that he or she can be traced back? The big problem is the fact that the spammer is most likely hiding behind the district’s firewall. What could be the most efficient way to track these e-mails back to the originator? Some applications like “Visual IP Trace” were used but stopped at the firewall.

Any hints would be greatly appreciated.
Thanks.
ASKER CERTIFIED SOLUTION
Sembee
This solution is only available to members.
SOLUTION
This solution is only available to members.
Nyko333

ASKER

Good morning Sembee & dr.Shivan,

Thanks a lot for your feedback. The very first thing I did was to check the headers and I used Visual IP to trace it back to the firewall. However, I am at a dead end at this point and the Exchange Admin is at the same point, meaning lost at the firewall. I was wondering if there's a software package out there that could take the info from the Exchange log files and trace it back to the originator. There should logically be some kind of a digital stamp for every email that a client sends out. I am also considering Shivan's suggestion of bringing in the authority but it will be the last move. I'll wait a couple of days for some more feedback and take it from there.
Thanks to both of you for your insights.
Nyko.

If the messages are being sent via Exchange servers then your options are very limited. If the messages are being sent via SMTP servers or bounced off an Exchange server then logging on the SMTP servers involved set to the required levels may throw up the IP address that is being used.

Simon.
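
As an added example (not part of the original thread, and not code from any poster): a Python sketch of the SMTP log review described in the reply above, listing which client IP submitted mail claiming a given sender address. It assumes the SMTP service writes W3C extended format logs with the fields shown; the sample log, host names, IP addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in W3C extended log format. The field list, host names
# and addresses are assumptions for illustration, not data from the thread.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-username cs-method cs-uri-query sc-status
2005-03-01 08:14:02 10.20.3.41 lab-pc-07 EHLO +lab-pc-07 250
2005-03-01 08:14:02 10.20.3.41 lab-pc-07 MAIL +FROM:<janedoe@example.net> 250
2005-03-01 08:14:03 10.20.3.41 lab-pc-07 RCPT +TO:<jsmith@example.net> 250
2005-03-01 09:30:11 10.20.1.15 office-12 MAIL +FROM:<bob@example.net> 250
2005-03-02 16:45:40 10.20.3.41 lab-pc-07 MAIL +FROM:<JaneDoe@example.net> 250
2005-03-02 16:45:41 10.20.3.41 lab-pc-07 RCPT +TO:<mlee@example.net> 250
"""

ADDR = re.compile(r"<([^>]*)>")

def parse_w3c(text):
    """Yield one dict per record, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt lines
                yield dict(zip(fields, values))

def submissions_as(text, sender):
    """Map client IP -> transactions whose MAIL FROM claimed `sender`."""
    hits = defaultdict(list)
    open_tx = {}  # c-ip -> transaction in progress (one session per IP assumed)
    for rec in parse_w3c(text):
        ip, verb = rec["c-ip"], rec["cs-method"].upper()
        match = ADDR.search(rec["cs-uri-query"])
        addr = match.group(1).lower() if match else ""
        if verb == "MAIL":
            open_tx.pop(ip, None)  # a new MAIL ends the previous transaction
            if addr == sender.lower():
                tx = {"when": f'{rec["date"]} {rec["time"]}',
                      "helo": rec["cs-username"], "rcpt": []}
                hits[ip].append(tx)
                open_tx[ip] = tx
        elif verb == "RCPT" and ip in open_tx:
            open_tx[ip]["rcpt"].append(addr)
    return dict(hits)
```

The logged `c-ip` is the host that connected to the SMTP service; tying it to a particular workstation at that time needs the DHCP lease or switch records for the same timestamp.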