User being accused of spamming

Posted on 2007-11-28
Last Modified: 2010-04-21
A user in my office opened and forwarded a chain email to one of her contacts.

A few days later a different contact asked her to stop sending the email to them on a daily basis. She had not included this contact on the forward.

I ran a virus scan on her computer and came up empty. I also had a local IT company look at the Exchange server to see if he could verify that the email was in fact originating from the server and again we learned nothing.

Over the course of a few days more and more people started emailing her asking her to stop sending the email. It appears that the email is sent on a fairly regular schedule as the timestamp on the email frequently is at 7:14 AM.

I'm at a loss for what to do next.
Question by:agventure

Expert Comment

ID: 20367815
It is possible that the email is not really being sent by her - in other words her email address is being spoofed on spam messages from someone else.

Do you have a copy of an email that her contacts allege she sent to them?
And has she received any bounce messages saying that an email she sent could not be delivered recently?

If you have a copy of a spam email that she is supposed to have sent you can look at the email headers and identify where it came from - I can talk you through the headers if you do.

Author Comment

ID: 20367879
Unfortunately she had deleted the email before she had found out there was a problem. I had wanted to look at the headers as well.

She has yet to receive a bounce message. All of the recipients who have notified her are people she has emailed in the past.

I'm afraid you're probably right that her address is being spoofed. Do I have any option besides changing her email address if that is the case?

Accepted Solution

whatsoverthere earned 500 total points
ID: 20368155
To tell where the email came from you want to look at the headers on emails that the other people received rather than her copy of the email. So you need them to forward the email that she supposedly sent to them to you.

It's not possible to completely prevent the spoofing. You could set SPF records for your domain (these records tell other people which mail servers are authorised to send emails from your domain) - but many mail servers don't check SPF records anyway.
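The header check and SPF lookup described in this answer, as an added example that is not part of the original thread: it finds the IP that actually handed a recipient's copy to their mail server and tests it against the sending domain's SPF record. The message, host names, IPs, SPF record and trusted-host list are all constructed, and the SPF evaluation is simplified to `ip4:`/`ip6:` and `all` so that it runs offline.

```python
import email, ipaddress, re
from email.utils import parseaddr

# Constructed sample of a copy received by a contact (documentation-range IPs).
RAW = """\
Return-Path: <user@office.example>
Received: from mx.recipient.example (mx.recipient.example [198.51.100.10])
\tby mailstore.recipient.example with ESMTP; Wed, 28 Nov 2007 07:14:09 -0500
Received: from unknown-host (unknown [203.0.113.77])
\tby mx.recipient.example with SMTP; Wed, 28 Nov 2007 07:14:05 -0500
Received: from exchange.office.example (exchange.office.example [192.0.2.25])
\tby bulk.sender.example with SMTP; Wed, 28 Nov 2007 07:14:01 -0500
From: "Office User" <user@office.example>
Subject: FW: chain letter

body
"""
SPF = "v=spf1 ip4:192.0.2.25 -all"   # constructed record for office.example
TRUSTED = {"mailstore.recipient.example", "mx.recipient.example"}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def origin_ip(msg, trusted):
    """IP that connected to the recipient's border server. Hops prepend their
    Received header, so read top-down and stop at the first one not written
    by a trusted host; from there on the sender could have forged them."""
    ip = None
    for hdr in msg.get_all("Received", []):
        m = re.search(r"\[([0-9A-Fa-f.:]+)\]\).*? by (\S+)", " ".join(hdr.split()))
        if not m or m.group(2) not in trusted:
            break
        ip = m.group(1)
    return ip

def spf_result(spf, ip):
    """Simplified SPF: evaluates only ip4:/ip6: mechanisms and 'all'."""
    addr = ipaddress.ip_address(ip)
    for term in spf.split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        if mech == "all" or (mech[:4] in ("ip4:", "ip6:")
                and addr in ipaddress.ip_network(mech[4:], strict=False)):
            return RESULT[qual]
    return "neutral"

def analyse(raw, spf=SPF, trusted=TRUSTED):
    msg = email.message_from_string(raw)
    # SPF is evaluated against the envelope sender, recorded as Return-Path.
    domain = parseaddr(msg["Return-Path"])[1].rpartition("@")[2]
    ip = origin_ip(msg, trusted)
    return domain, ip, (spf_result(spf, ip) if ip else None)
```

The lowest `Received` line in the sample names the office server, but it sits below the recipient's trust boundary and is ignored; the connecting IP is the one the recipient's own server recorded.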

Author Closing Comment

ID: 31411443
Thanks! I'll see what I can come up with from the header. If worse comes to worse I'll just change the user's email address so those people being spammed can just set it to their block lists.
