Link to home
Start Free TrialLog in
Avatar of Marcaug007
Marcaug007

asked on

Spoofing

I am having an issue with spoofing...I'm running a 200 Exchange server & Symantec Mail Security for SMTP ver 4.  I have a user named John Smith which is constantly having a spoofing problems, I have attached the last email that was rejected, the issue is this user never sent this message.  What is the best method to eliminate this.  Thanx in advance.  This individual is the head of the department so I need a resolution like yesterday so the points are high.
From: System Administrator
Sent: Sunday, June 03, 2007 11:05 PM
To: John Smith
Subject: Undeliverable: Lovers package at discount price+ACE-
Importance: High


Your message did not reach some or all of the intended recipients.

      Subject:      Lovers package at discount price!
      Sent:      6/3/2007 11:03 PM

The following recipient(s) cannot be reached:

      jsmith@seibertkeck.com on 6/3/2007 11:03 PM
            The e-mail account does not exist at the organization this message was sent to.  Check the e-mail address, or contact the recipient directly to find out the correct address.
            <seibertkeck.com #5.1.1>


Avatar of Barthax
Barthax
Flag of United Kingdom of Great Britain and Northern Ireland image
There is no resolution as you do not have access to kick the butt of the individual performing the spoofing!

In essence, anyone with a little knowledge can send an e-mail as anyone else - and when that message is (r)ejected the message notification gets returned via the correct path to the spoofed individual.

Oh, I'd also advise getting in touch with the community support here before the chap's inbox gets filled with Spam after his e-mail address has been posted here...
Avatar of jako
jako
Flag of Estonia image
You can treat these messages as spam. Label it as you want, these messages most probably are spam. Much of the delivered spam (the ones that get confirmed reads) nowadays is masqueraded as SMTP server rejecting a mail for some obscure reason.
Avatar of jako
jako
Flag of Estonia image
and yes, while I'm not usually a violent person, I too would like to see someone delivering bodily punishment in an entirely non-pleasant manner to the spammer crowd. aaaargh! :D
ASKER CERTIFIED SOLUTION
Avatar of PowerIT
PowerIT
Flag of Belgium image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Brian Pierce
Brian Pierce
Flag of United Kingdom of Great Britain and Northern Ireland image
There is really no way to prevent receiving a spoofed email.

You can look at the Internet Headers information to see where the email actually originated (but these can also be spoofed). If you want to try it:-

With the Outlook Inbox displayed, right-click on the message and click on the Options command to display the Message Options dialog box.

Internet Headers are best read from the bottom up, as they are added to as the email passes through the system so scroll to the bottom of the information in the Internet Headers box, then scroll slowly upwards to read the information about the emails origin. The most important information follows the Return-path: and the Reply-to: fields. If these are different, the email is not who it says its from.
Avatar of NetAdmin2436
NetAdmin2436
Flag of United States of America image
Yep, agree with everyone. Alot of spam is spoofed and unfortunately there's no way to stop it.
It's people like Robert Alan Soloway who we all want to meet in a dark ally someday with a baseball bat in our hand. It's been long overdue, but spammers are f-i-n-a-l-l-y and s-l-o-w-l-y being brought to justice. There are still way to many spammers out there to even raise an eyebrow, but it's a start i guess....
http://www.dailytech.com/Top+Seattle+Spammer+Arrested+on+Multiple+Charges/article7521c.htm

For the future, do not post your email address anywhere on the internet (including EE). Do something like
jsmith at seibertkeck.com which the readers will understand, but a spammers spider program won't understand it and move on. Spammers have programs and whatnot that will crawl the internet for an email address in proper syntax.

For what it's worth send you can *try* to fight back, but it's a losing battle. Just don't hold your breathe...
http://www.ftc.gov/spam/

Spammers, email me!
spam@uce.gov


Hope this helps
Avatar of -Mystique-
-Mystique-
The one thing you DON'T want to do is to reply to the spam or send it back or even click on one of those links some spam letters provide to "remove" you from their subscriptions.  All that does is tell the spammer that your email address is a live email address.  Spammers also can send emails with any kind of name or email address appearing to be the sender of the email.  Spammers often use proxies, so even if you can determine the originating IP in the header, it may not lead to the real source.  Most good spam filters block email with content with the kind of wording you indicate this particular spam contained.
Avatar of sh0e
sh0e
Is this an email acting as a local account being sent to a local account?  Like joe@mycompany.com to joe@mycompany.com?  If so, it should be preventable by disallowing sending mail as local domains and requiring authorization before sending mail.
Avatar of sh0e
sh0e
Sorry, misread the email log.  PowerIT is correct.