We help IT Professionals succeed at work.

Spoofing

629 Views
Last Modified: 2013-12-05
I am having an issue with spoofing...I'm running a 200 Exchange server & Symantec Mail Security for SMTP ver 4.  I have a user named John Smith which is constantly having a spoofing problems, I have attached the last email that was rejected, the issue is this user never sent this message.  What is the best method to eliminate this.  Thanx in advance.  This individual is the head of the department so I need a resolution like yesterday so the points are high.
From: System Administrator
Sent: Sunday, June 03, 2007 11:05 PM
To: John Smith
Subject: Undeliverable: Lovers package at discount price+ACE-
Importance: High


Your message did not reach some or all of the intended recipients.

      Subject:      Lovers package at discount price!
      Sent:      6/3/2007 11:03 PM

The following recipient(s) cannot be reached:

      jsmith@seibertkeck.com on 6/3/2007 11:03 PM
            The e-mail account does not exist at the organization this message was sent to.  Check the e-mail address, or contact the recipient directly to find out the correct address.
            <seibertkeck.com #5.1.1>


Comment
Watch Question

CERTIFIED EXPERT

Commented:
There is no resolution as you do not have access to kick the butt of the individual performing the spoofing!

In essence, anyone with a little knowledge can send an e-mail as anyone else - and when that message is (r)ejected the message notification gets returned via the correct path to the spoofed individual.

Oh, I'd also advise getting in touch with the community support here before the chap's inbox gets filled with Spam after his e-mail address has been posted here...
jakosysadmin

Commented:
You can treat these messages as spam. Label it as you want, these messages most probably are spam. Much of the delivered spam (the ones that get confirmed reads) nowadays is masqueraded as SMTP server rejecting a mail for some obscure reason.
jakosysadmin

Commented:
and yes, while I'm not usually a violent person, I too would like to see someone delivering bodily punishment in an entirely non-pleasant manner to the spammer crowd. aaaargh! :D
Top Expert 2007
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Brian PiercePhotographer
CERTIFIED EXPERT
Awarded 2007
Top Expert 2008

Commented:
There is really no way to prevent receiving a spoofed email.

You can look at the Internet Headers information to see where the email actually originated (but these can also be spoofed). If you want to try it:-

With the Outlook Inbox displayed, right-click on the message and click on the Options command to display the Message Options dialog box.

Internet Headers are best read from the bottom up, as they are added to as the email passes through the system so scroll to the bottom of the information in the Internet Headers box, then scroll slowly upwards to read the information about the emails origin. The most important information follows the Return-path: and the Reply-to: fields. If these are different, the email is not who it says its from.
Yep, agree with everyone. Alot of spam is spoofed and unfortunately there's no way to stop it.
It's people like Robert Alan Soloway who we all want to meet in a dark ally someday with a baseball bat in our hand. It's been long overdue, but spammers are f-i-n-a-l-l-y and s-l-o-w-l-y being brought to justice. There are still way to many spammers out there to even raise an eyebrow, but it's a start i guess....
http://www.dailytech.com/Top+Seattle+Spammer+Arrested+on+Multiple+Charges/article7521c.htm

For the future, do not post your email address anywhere on the internet (including EE). Do something like
jsmith at seibertkeck.com which the readers will understand, but a spammers spider program won't understand it and move on. Spammers have programs and whatnot that will crawl the internet for an email address in proper syntax.

For what it's worth send you can *try* to fight back, but it's a losing battle. Just don't hold your breathe...
http://www.ftc.gov/spam/

Spammers, email me!
spam@uce.gov


Hope this helps
The one thing you DON'T want to do is to reply to the spam or send it back or even click on one of those links some spam letters provide to "remove" you from their subscriptions.  All that does is tell the spammer that your email address is a live email address.  Spammers also can send emails with any kind of name or email address appearing to be the sender of the email.  Spammers often use proxies, so even if you can determine the originating IP in the header, it may not lead to the real source.  Most good spam filters block email with content with the kind of wording you indicate this particular spam contained.

Commented:
Is this an email acting as a local account being sent to a local account?  Like joe@mycompany.com to joe@mycompany.com?  If so, it should be preventable by disallowing sending mail as local domains and requiring authorization before sending mail.

Commented:
Sorry, misread the email log.  PowerIT is correct.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.