Spam to webmaster address lands in user's mailbox

Posted on 2008-10-02
Last Modified: 2010-04-21
We have a user that is receiving spam that is meant for
The webmaster email address does not exist in our exchange organisation or if it does I can't find it.
IMF is enabled but no luck in stopping it!
How is this spam making it all the way to a user's mailbox?
Attached Internet Headers from Outlook 2007.
p.s. removed ip address and dns names of our ISP

Microsoft Mail Internet Headers Version 2.0
Received: from ourisp ([ip_address]) by ourexchange server with Microsoft
 SMTPSVC(6.0.3790.3959); Thu, 2 Oct 2008 17:07:05 +0200
Content-Transfer-Encoding: 7bit
Importance: normal
Priority: normal
Received: from ourisp ([ipaddress]) by ourisp with Microsoft SMTPSVC(6.0.3790.3959); Thu, 2 Oct 2008 17:06:58 +0200
Received: from ([]) by ourisp
 with Microsoft SMTPSVC(6.0.3790.1830); Thu, 2 Oct 2008 17:08:32 +0200
From: "Saeng" <Saeng-kremruek@BANKTRUSTBREWTON.COM>
To: <>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4073
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;boundary="----=_NextPart_000_000E_01C924B1.4DA1CAF0"
Subject: We are sure that lengthening will help you boost your intimate life!
Date: Thu, 2 Oct 2008 17:07:08 +0200
Message-ID: <000d01c924a0$8a18faf0$1b972050@claudia>
Thread-Topic: We are sure that lengthening will help you boost your intimate life!
thread-index: AckksU2hOsoP3cUaSamsMQW56QlpLg==
Return-Path: <Saeng-kremruek@BANKTRUSTBREWTON.COM>
X-OriginalArrivalTime: 02 Oct 2008 15:08:32.0734 (UTC) FILETIME=[BC2F17E0:01C924A0]

Content-Type: text/plain;charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
X-EC0D2A8E-5CB7-4969-9C36-46D859D137BE-PartID: C4EA93A3-6506-4D9E-9811-52EDB5923234

Content-Type: text/html;charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
X-EC0D2A8E-5CB7-4969-9C36-46D859D137BE-PartID: D01DAAC3-57A3-4142-9030-343A28A8A373

Question by: SACUADMIN

Expert Comment

ID: 22626203
Is it possible the user has a secondary SMTP address listed in their profile from long ago?  Is email from another account being forwarded to this user?

Author Comment

ID: 22626300
I have checked the profile and I can find no reference to the "webmail" address. No email from another account is being forwarded to the user. I am truly stumped.

Expert Comment

ID: 22626412
If you address an email internally to the address, does it go to that user?

Does that address resolve when you enter it in Outlook?  What happens when you click the properties of that address?

Author Comment

ID: 22626524
If I address it internally I get...
"The e-mail account does not exist at the organization this message was sent to.  Check the e-mail address, or contact the recipient directly to find out the correct address".

Properties for the address just brings up the "Email Properties" dialog.

However if I send to it from an external address, it lands straight in the user's mailbox


Expert Comment

ID: 22626568
Are you hosting your own domain on exchange for the email - or are you POP'g an outside server?

Author Comment

ID: 22626596
We are not hosting our own domain on exchange.
Mail is routed via an ISP to our exchange environment.

Accepted Solution

gke565 earned 250 total points
ID: 22626643
I would bet then that the ISP has a forwarded to the user, probably because that was the user that set up the account and the ISP required a webmaster address.  Best to set up a webmaster account internally and have the ISP change the pointer.

Author Comment

ID: 22626701
Thanks I will get in touch with the ISP and find out.

For my education, are you saying the ISP could create any email address and forward it to a user in our domain and we could do nothing to stop it?

Doesn't sound right? :-(


Expert Comment

ID: 22626720
If they are hosting your Exchange they would be able to.

Expert Comment

ID: 22626725
Some ISPs will require a webmaster or postmaster account as part of their agreement, mostly to deflect questions about your company to you.  You might want to do a whois on your domain and see what the contacts are for it.

Author Comment

ID: 22626833
That's my worry. They are not hosting our exchange. All the mailboxes and accounts are internal. They are just forwarding mail meant for our domain to our exchange server via a front-end Exchange Server.


Author Closing Comment

ID: 31502440
Thanks, it was forwarded by the ISP.
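
An added example, not part of the original thread and not any participant's code: a way to read headers like the ones in the question, rebuilding the relay path from the Received lines and listing header recipients that no local mailbox owns. The header To field is not the SMTP envelope recipient, so a non-local address there is only a prompt to check for an alias or forward at the upstream relay, which is what this thread found. All host names and addresses in the sample are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample, shaped like the headers in the question; every host
# and address is a placeholder (example/invalid names, RFC 5737 addresses).
SAMPLE = """\
Received: from relay.isp.example ([192.0.2.10]) by exch01.corp.example with Microsoft
 SMTPSVC(6.0.3790.3959); Thu, 2 Oct 2008 17:07:05 +0200
Received: from mx.isp.example ([192.0.2.11]) by relay.isp.example with Microsoft SMTPSVC(6.0.3790.3959); Thu, 2 Oct 2008 17:06:58 +0200
Received: from sender.invalid ([198.51.100.7]) by mx.isp.example
 with Microsoft SMTPSVC(6.0.3790.1830); Thu, 2 Oct 2008 17:08:32 +0200
From: "Sender" <sender@sender.invalid>
To: <webmaster@corp.example>
Subject: constructed test message

body
"""

# "from <host> ... by <host>" inside one Received value (may span a fold).
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def relay_path(raw):
    """Return hops oldest-first as (from_host, by_host, timestamp)."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its own line, so the newest hop is at the top.
    for value in reversed(msg.get_all("Received", [])):
        route, _, stamp = value.rpartition(";")
        m = HOP.search(route)
        if m:
            when = parsedate_to_datetime(stamp.strip())
            hops.append((m.group(1), m.group(2), when))
    return hops

def unknown_recipients(raw, local_addresses):
    """Header To/Cc addresses that no local mailbox or alias owns."""
    msg = message_from_string(raw)
    known = {a.lower() for a in local_addresses}
    addrs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return [a for _, a in addrs if a and a.lower() not in known]

if __name__ == "__main__":
    for src, dst, when in relay_path(SAMPLE):
        print(f"{when.isoformat()}  {src} -> {dst}")
    print("not local:", unknown_recipients(SAMPLE, ["user1@corp.example"]))
```

Relay timestamps come from each server's own clock, so out-of-order times between hops (as in the sample, which mirrors the question's headers) indicate clock skew rather than a different path.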


Question has a verified solution.
