Solved

Spam to webmaster address lands in users mailbox

Posted on 2008-10-02
12
486 Views
Last Modified: 2010-04-21
We have a user that is receiving spam that is meant for webmaster@ourdomain.com
The webmaster email address does not exist in our exchange organisation or if it does I can't find it.
IMF is enabled but no luck in stopping it!
How is this spam making all the way to a users mailbox.
Attached Internet Headers from Outlook 2007.
p.s. removed ip address and dns names of our ISP

-----------------------------------------
Microsoft Mail Internet Headers Version 2.0
Received: from ourisp ([ip_address]) by ourexchange server with Microsoft
 SMTPSVC(6.0.3790.3959); Thu, 2 Oct 2008 17:07:05 +0200
Content-Transfer-Encoding: 7bit
Importance: normal
Priority: normal
Received: from ourisp ([ipaddress]) by ourisp with Microsoft SMTPSVC(6.0.3790.3959); Thu, 2 Oct 2008 17:06:58 +0200
Received: from 27.Red-80-32-151.staticIP.rima-tde.net ([80.32.151.27]) by ourisp
 with Microsoft SMTPSVC(6.0.3790.1830); Thu, 2 Oct 2008 17:08:32 +0200
From: "Saeng" <Saeng-kremruek@BANKTRUSTBREWTON.COM>
To: <webmaster@ourdomain.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4073
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;boundary="----=_NextPart_000_000E_01C924B1.4DA1CAF0"
Subject: We are sure that lengthening will help you boost your intimate life!
Date: Thu, 2 Oct 2008 17:07:08 +0200
Message-ID: <000d01c924a0$8a18faf0$1b972050@claudia>
X-MS-TNEF-Correlator:
Thread-Topic: We are sure that lengthening will help you boost your intimate life!
thread-index: AckksU2hOsoP3cUaSamsMQW56QlpLg==
Return-Path: <Saeng-kremruek@BANKTRUSTBREWTON.COM>
X-OriginalArrivalTime: 02 Oct 2008 15:08:32.0734 (UTC) FILETIME=[BC2F17E0:01C924A0]

------=_NextPart_000_000E_01C924B1.4DA1CAF0
Content-Type: text/plain;charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
X-EC0D2A8E-5CB7-4969-9C36-46D859D137BE-PartID: C4EA93A3-6506-4D9E-9811-52EDB5923234

------=_NextPart_000_000E_01C924B1.4DA1CAF0
Content-Type: text/html;charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
X-EC0D2A8E-5CB7-4969-9C36-46D859D137BE-PartID: D01DAAC3-57A3-4142-9030-343A28A8A373


------=_NextPart_000_000E_01C924B1.4DA1CAF0--
0
Comment
Question by:SACUADMIN
  • 6
  • 4
  • 2
12 Comments
 
LVL 3

Expert Comment

by:gke565
ID: 22626203
Is it possible the user has a secondary SMTP address listed in their profile from long ago?  Is email from another account being forwared to this user?
0
 

Author Comment

by:SACUADMIN
ID: 22626300
I have checked the profile and I can find no reference to the "webmail" address. No email from another account is being forwarded to the user. I am truly stumped.
0
 
LVL 16

Expert Comment

by:robrandon
ID: 22626412
If you address an email internally to the webmaster@ourdomain.com address, does it go to that user?

Does that address resolve when you enter it in Outlook?  What happens when you click the properties of that address?
0
 

Author Comment

by:SACUADMIN
ID: 22626524
If I address it internally I get...
"The e-mail account does not exist at the organization this message was sent to.  Check the e-mail address, or contact the recipient directly to find out the correct address".

Properties for the address just brings up the "Email Properties" dialog.

However if I send to it from an external address, it lands straight in the user's mailbox

0
 
LVL 3

Expert Comment

by:gke565
ID: 22626568
Are you hosting your own domain on exchange for the email - or are you POP'g an outside server?
0
 

Author Comment

by:SACUADMIN
ID: 22626596
We are not hosting our own domain on exchange.
Mail is routed via an ISP to our exchange environment.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 3

Accepted Solution

by:
gke565 earned 250 total points
ID: 22626643
I would bet then that the ISP has a forwarded to the user, probably because that was the user that set up the account and the ISP required a webmaster address.  Best to set up a webmaster account internally and have the ISP change the pointer.
0
 

Author Comment

by:SACUADMIN
ID: 22626701
Thanks I will get in touch with the ISP and find out.

For my education, Are you saying the ISP could create any email address and forward it to a user in our domain and we could do nothing to stop it?

Doesn't sound right? :-(

0
 
LVL 16

Expert Comment

by:robrandon
ID: 22626720
If they are hosting your Exchange they would be able to.
0
 
LVL 3

Expert Comment

by:gke565
ID: 22626725
Some ISPs will require a webmaster or postmaster account as part of their agreement, mostly to deflect questions about your company to you.  You might want to do a whois on your domain and see what the contacts are for it.
0
 

Author Comment

by:SACUADMIN
ID: 22626833
Thats my worry. They are not hosting our exchange. All the mailboxes and accounts are internal. They are just forwarding mail meant for our domain to our exchange server via a front-end Exchange Server.

0
 

Author Closing Comment

by:SACUADMIN
ID: 31502440
Thanks it was forwarded by the ISP.
0

Featured Post

Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now