User being accused of spamming

Posted on 2007-11-28
Last Modified: 2010-04-21
A user in my office opened and forwarded a chain email to one of her contacts.

A few days later a different contact asked her to stop sending the email to them on a daily basis. She had not included this contact on the forward.

I ran a virus scan on her computer and came up empty. I also had a local IT company look at the Exchange server to see if he could verify that the email was in fact originating from the server and again we learned nothing.

Over the course of a few days more and more people started emailing her asking her to stop sending the email. It appears that the email is sent on a fairly regular schedule as the timestamp on the email frequently is at 7:14 AM.

I'm at a loss for what to do next.
Question by:agventure
  • 3
  • 2

Expert Comment

ID: 20367815
It is possible that the email is not really being sent by her - in other words her email address is being spoofed on spam messages from someone else.

Do you have a copy of an email that her contacts allege she sent to them?
And has she received any bounce messages saying that an email she sent could not be delivered recently?

If you have a copy of a spam email that she is supposed to have sent you can look at the email headers and identify where it came from - I can talk you through the headers if you do.

Author Comment

ID: 20367879
Unfortunately she had deleted the email before she had found out there was a problem. I had wanted to look at the headers as well.

She has yet to receive a bounce message. All of the recipients who have notified her are people she has emailed in the past.

I'm afraid you're probably right that her address is being spoofed. Do I have any option besides changing her email address if that is the case?

Accepted Solution

whatsoverthere earned 500 total points
ID: 20368155
To tell where the email came from you want to look at the headers on emails that the other people received rather than her copy of the email. So you need them to forward the email that she supposedly sent to them to you.

It's not possible to completely prevent the spoofing. You could set SPF records for your domain (these records tell other people which mail servers are authorised to send emails from your domain) - but many mail servers don't check SPF records anyway.

Author Closing Comment

ID: 31411443
Thanks! I'll see what I can come up with from the header. If worse comes to worse I'll just change the user's email address so those people being spammed can just set it to their block lists.

Author Comment

ID: 20368775
Thanks! I'll see what I can come up with from the header. If worse comes to worse I'll just change the user's email address so those people being spammed can just set it to their block lists.

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Are you unable to connect or configure Hotmail email account in Microsoft Outlook 2010, 2007? Or emails are not downloading to Outlook? Lets’ see the problem and resolve Outlook Connector error syncing folder hierarchy (0x8004102A).
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now