  • Status: Solved
  • Priority: Medium
  • Security: Public

User being accused of spamming

A user in my office opened and forwarded a chain email to one of her contacts.

A few days later a different contact asked her to stop sending the email to them on a daily basis. She had not included this contact on the forward.

I ran a virus scan on her computer and came up empty. I also had a local IT company look at the Exchange server to see if he could verify that the email was in fact originating from the server and again we learned nothing.

Over the course of a few days more and more people started emailing her asking her to stop sending the email. It appears that the email is sent on a fairly regular schedule as the timestamp on the email frequently is at 7:14 AM.

I'm at a loss for what to do next.
Asked by: agventure
1 Solution
 
whatsoverthere Commented:
It is possible that the email is not really being sent by her - in other words her email address is being spoofed on spam messages from someone else.

Do you have a copy of an email that her contacts allege she sent to them?
And has she received any bounce messages saying that an email she sent could not be delivered recently?

If you have a copy of a spam email that she is supposed to have sent you can look at the email headers and identify where it came from - I can talk you through the headers if you do.
0
 
agventure (Author) Commented:
Unfortunately she had deleted the email before she had found out there was a problem. I had wanted to look at the headers as well.

She has yet to receive a bounce message. All of the recipients who have notified her are people she has emailed in the past.

I'm afraid you're probably right that her address is being spoofed. Do I have any option besides changing her email address if that is the case?
0
 
whatsoverthere Commented:
To tell where the email came from you want to look at the headers on emails that the other people received rather than her copy of the email. So you need them to forward the email that she supposedly sent to them to you.

It's not possible to completely prevent the spoofing. You could set SPF records for your domain (these records tell other people which mail servers are authorised to send emails from your domain) - but many mail servers don't check SPF records anyway.
0
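An added example (not part of the original thread) of the header check described in the answer above: it takes the headers of a recipient's copy, finds the IP that actually connected to the recipient's mail server, and compares it with the sender domain's SPF record. The message, host names, IP addresses and SPF record are constructed placeholders, and only `ip4:` mechanisms are evaluated so the script runs offline.

```python
import email, ipaddress, re
from email.utils import parseaddr

# Constructed sample: headers of the copy a recipient received. All hosts,
# domains and IPs are placeholders; the last Received line is sender-supplied.
RAW = """\
Authentication-Results: mx.recipient.example; spf=softfail smtp.mailfrom=office.example
Received: from mx.recipient.example (mx.recipient.example [198.51.100.10])
\tby mailstore.recipient.example; Tue, 04 Mar 2014 07:14:09 -0500
Received: from unknown (unknown [203.0.113.77])
\tby mx.recipient.example; Tue, 04 Mar 2014 07:14:07 -0500
Received: from exchange.office.example (exchange.office.example [192.0.2.5])
\tby relay.office.example; Tue, 04 Mar 2014 07:14:01 -0500
From: "Office User" <user@office.example>
To: contact@recipient.example
Subject: Fwd: chain letter

body
"""
SPF_RECORD = "v=spf1 ip4:192.0.2.0/28 -all"  # constructed record for office.example
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def border_ip(msg, trusted_suffix):
    """IP that connected to the recipient's own servers; older hops can be forged."""
    ip = None
    for value in msg.get_all("Received", []):  # newest hop first
        by = re.search(r"\bby\s+([\w.-]+)", value)
        if not by or not by.group(1).lower().endswith(trusted_suffix):
            break  # written outside the recipient's infrastructure: untrusted
        m = IP_RE.search(value)
        if m:
            ip = ipaddress.ip_address(m.group(1))
    return ip

def spf_ip4_networks(record):
    """Only ip4: mechanisms are evaluated; a, mx and include need DNS lookups."""
    return [ipaddress.ip_network(t[4:], strict=False)
            for t in record.split() if t.lower().startswith("ip4:")]

def analyse(raw, spf_record, trusted_suffix):
    msg = email.message_from_string(raw)
    origin = border_ip(msg, trusted_suffix)
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    return {
        "from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower(),
        "origin_ip": str(origin) if origin else None,
        "spf_result": spf.group(1) if spf else None,
        "sent_from_authorised_ip": origin is not None and any(
            origin in net for net in spf_ip4_networks(spf_record)),
    }

if __name__ == "__main__":
    print(analyse(RAW, SPF_RECORD, "recipient.example"))
```

In the sample the bottom `Received` line claims the office Exchange server, but the hop recorded by the recipient's own MX shows a different address outside the SPF range, which is the pattern to expect when the address is being spoofed.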
 
agventure (Author) Commented:
Thanks! I'll see what I can come up with from the header. If worse comes to worse I'll just change the user's email address so those people being spammed can just set it to their block lists.
0
 