User being accused of spamming

Posted on 2007-11-28
Medium Priority
Last Modified: 2010-04-21
A user in my office opened and forwarded a chain email to one of her contacts.

A few days later a different contact asked her to stop sending the email to them on a daily basis. She had not included this contact on the forward.

I ran a virus scan on her computer and came up empty. I also had a local IT company look at the Exchange server to see if they could verify that the email was in fact originating from the server, and again we learned nothing.

Over the course of a few days more and more people started emailing her asking her to stop sending the email. It appears that the email is sent on a fairly regular schedule as the timestamp on the email frequently is at 7:14 AM.

I'm at a loss for what to do next.
Question by: agventure
Expert Comment

ID: 20367815
It is possible that the email is not really being sent by her - in other words her email address is being spoofed on spam messages from someone else.

Do you have a copy of an email that her contacts allege she sent to them?
And has she received any bounce messages saying that an email she sent could not be delivered recently?

If you have a copy of a spam email that she is supposed to have sent you can look at the email headers and identify where it came from - I can talk you through the headers if you do.

Author Comment

ID: 20367879
Unfortunately she had deleted the email before she had found out there was a problem. I had wanted to look at the headers as well.

She has yet to receive a bounce message. All of the recipients who have notified her are people she has emailed in the past.

I'm afraid you're probably right that her address is being spoofed. Do I have any option besides changing her email address if that is the case?

Accepted Solution

whatsoverthere earned 2000 total points
ID: 20368155
To tell where the email came from you want to look at the headers on emails that the other people received rather than her copy of the email. So you need them to forward the email that she supposedly sent to them to you.

It's not possible to completely prevent the spoofing. You could set SPF records for your domain (these records tell other people which mail servers are authorised to send emails from your domain) - but many mail servers don't check SPF records anyway.
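
An added illustration of the two checks described in this answer (not part of the original thread): it reads the Received headers of a copy forwarded by a recipient, finds the address that handed the message to the recipient's own servers, and tests that address against the `ip4:`/`ip6:` entries of an SPF record. The message, host names, addresses and SPF record are constructed samples, and the function names are hypothetical.

```python
import email
import ipaddress
import re

# Constructed sample (documentation addresses and .example names).
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mailstore.recipient.example with ESMTP; Wed, 28 Nov 2007 07:14:09 -0600
Received: from unknown-host.example (unknown-host.example [203.0.113.45])
\tby mx.recipient.example with SMTP; Wed, 28 Nov 2007 07:14:05 -0600
Received: from exchange.office.example (exchange.office.example [192.0.2.10])
\tby unknown-host.example with SMTP; Wed, 28 Nov 2007 07:14:01 -0600
From: User <user@office.example>
To: contact@recipient.example
Subject: FW: chain letter

(body omitted)
"""
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"   # constructed record for office.example
TRUSTED_BY = {"mx.recipient.example", "mailstore.recipient.example"}

# Bracketed peer address, then the host that stamped the header.
HOP = re.compile(r"\[([0-9A-Fa-f.:]+)\].*?\bby\s+(\S+)", re.S)

def handoff_ip(raw, trusted_by):
    """IP that connected to the recipient's own servers from outside."""
    ip = None
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)            # headers are listed newest first
        if not m or m.group(2) not in trusted_by:
            break                        # older headers were written by unverified hosts
        ip = m.group(1)
    return ip

def spf_ip_match(record, ip):
    """True if ip is inside an ip4:/ip6: mechanism of the record.
    Mechanisms that need DNS (a, mx, include) are not evaluated here."""
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        term = term.lstrip("+")
        if term.startswith(("ip4:", "ip6:")):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return True
    return False

if __name__ == "__main__":
    source = handoff_ip(RAW, TRUSTED_BY)
    print("handed to recipient by:", source)
    print("authorised by SPF record:", spf_ip_match(SPF_RECORD, source))
```

Only headers stamped by the recipient's own servers are used; the third Received line in the sample names the office server but was written by an unverified host, so it is ignored.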

Author Closing Comment

ID: 31411443
Thanks! I'll see what I can come up with from the header. If worse comes to worse I'll just change the user's email address so those people being spammed can just set it to their block lists.
