Solved

High Spam Volume From Trusted Users

Posted on 2008-10-06
Last Modified: 2010-04-21
Outlook is receiving huge volumes of messages that are shown to be from people I normally accept email from.  The messages that are arriving have old dates on them - all have 2007 dates.

Outlook is being used to download email from an AT&T account.  When I log into the email account using webmail I do not find this large volume of spam.

What could be causing this kind of spamming?
Question by:crm-serv
LVL 14

Accepted Solution

by:
warrenbuckles earned 250 total points
ID: 22656571
Have you looked at the content of any of the messages to be sure they are spam?

It's possible they aren't spam at all, but messages that were left on the server by your previous mail settings - if Outlook (or another mail application) was set to only download headers but not the body of messages AND the messages were not later deleted, they could have been left on the server.  If you changed how Outlook handles messages so that it now downloads the whole message you could be getting many legitimate, although old, messages.

Your Webmail application may be set to only show unread messages, so the old messages don't show up in your view.  Look at all the folders available on the webmail views - there may be a folder with a large number of messages in it.

wb
 
LVL 23

Expert Comment

by:ormerodrutter
ID: 22657385
Unless you told Outlook to leave a copy of the email on the server, once Outlook has downloaded the message it is removed from your mail server. This explains why you didn't see them when you logged into your webmail: they are now in your Outlook and have been removed from the server.

Check the header of the message. The FROM address may have been spoofed (i.e. it shows the message as originating from personA but it is actually from someone else - typical virus infection on the offending computer).
 

Author Comment

by:crm-serv
ID: 22661771
If the messages are coming from an infected external source what can be done to block them?
 
LVL 9

Assisted Solution

by:Press2Esc
Press2Esc earned 250 total points
ID: 22663595
Check the mail header and determine the real SENDER/ORIGINATOR's IP address. Block the IP, research (*) the IP & (if applicable) report the offender's IP.

P2E

(*) http://www.mxtoolbox.com/blacklists.aspx?IP=x.x.x.x
 
LVL 14

Expert Comment

by:warrenbuckles
ID: 22664060
I'm still not sure you are seeing spam/malware.  

This is similar to a situation I had a few years ago:  For about a year - Outlook was set up to leave messages on the server and only remove messages I explicitly deleted.  Everything worked just fine - then I noticed I had set the 'leave messages on server' flag.  I unchecked it and got a flood of 'old' e-mail. (hundreds of messages - it took quite a while to download them all).  This sounds like the situation you are describing.  However, my AV software didn't flag the messages as spam.

Are these messages being flagged as infected by your AV software?

If so, what is the payload's identity?

P2E's suggestion is a good one - unfortunately most spam originates from botnets and has a wide range of originating IP addresses - assuming the originating IP address isn't spoofed.

I'm really puzzled by the dates on your messages - spam/malware from 2007 seems a bit outdated and I'm not sure what the motivation of a spammer would be to use dates like this - it should be easy to block using a date-sensitive filter - reject all messages with 'sent' dates older than, say, three days ago.

wb
0
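The header check and the date comparison discussed in the comments above can be combined into one triage step. This is an added example, not code from any poster in the thread: it reads the `Received` chain to find the IP that handed the message to the provider's own relays, and compares the `Date` header with the time the provider actually received the message, which separates old mail that was simply left on the server from mail carrying a forged old date. The sample messages, the trusted-relay list and the names `build_sample` and `triage` are assumptions made for the illustration.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def build_sample(sent, received):
    """Constructed test message; hosts and IPs are documentation values."""
    return (
        "Received: from mx.isp.example (mx.isp.example [192.0.2.10])\n"
        f"\tby pop.isp.example with ESMTP; {received}\n"
        "Received: from friend-pc (unknown [203.0.113.77])\n"
        f"\tby mx.isp.example with SMTP; {received}\n"
        'From: "Known Contact" <friend@example.com>\n'
        f"Date: {sent}\n"
        "Subject: hello\n\nbody\n"
    )

def triage(raw, trusted_ips, max_skew=timedelta(days=3)):
    """Return the first relay IP outside trusted_ips and a date-mismatch flag."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received") or []   # newest hop is listed first
    if not hops or msg["Date"] is None:
        raise ValueError("message lacks Received or Date headers")
    origin = None
    for hop in hops:
        # Hops written by our provider's relays sit on top and can be trusted;
        # everything below the first outside IP is sender-supplied.
        m = IP_RE.search(hop)
        if m and m.group(1) not in trusted_ips:
            origin = m.group(1)
            break
    sent = parsedate_to_datetime(msg["Date"])          # claimed by the sender
    received = parsedate_to_datetime(hops[0].rsplit(";", 1)[1].strip())
    # Both samples carry time zones; a Date without one would need normalising.
    return {"origin_ip": origin, "date_mismatch": received - sent > max_skew}

TRUSTED = {"192.0.2.10"}  # assumed address of the provider's own relay
FORGED = build_sample("Tue, 13 Mar 2007 11:02:45 -0500",
                      "Mon, 06 Oct 2008 09:15:02 -0400")
LEFT_ON_SERVER = build_sample("Tue, 13 Mar 2007 11:02:45 -0500",
                              "Tue, 13 Mar 2007 11:03:10 -0500")

if __name__ == "__main__":
    for name, raw in (("forged date", FORGED), ("left on server", LEFT_ON_SERVER)):
        print(name, triage(raw, TRUSTED))
```

A message whose `Date` and topmost `Received` timestamp are both old was delivered long ago and only downloaded now; one with an old `Date` but a recent `Received` timestamp was sent recently with a misleading date.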
 

Author Comment

by:crm-serv
ID: 22664066
Thank you both for the input.  I hope by end of this week to be able to test the procedures and ideas you both have proposed.  I will post findings here.
 

Author Comment

by:crm-serv
ID: 22699491
I found that Outlook was set to save messages on the server.  IPs for the old messages being downloaded seem to be valid but vary.

Also I am now seeing that the PC freezes when accessing the same email account by webmail.

I have recommended to the owner that we restore using the factory image for his system.  

Any concern with that approach with what I have been able to supply as symptoms?
 
LVL 9

Expert Comment

by:Press2Esc
ID: 22700066
Of course, if you do not back up the users data, when you restore you will lose it... The PC freezing and webmail/Outlook issues are likely not directly related.  

You can check the (PC) Task Manager to assess the system resources and running processes. I would also update/run their antispyware pgm, check msconfig for unnecessary or questionable startup files, etc...

P2E
 
LVL 14

Expert Comment

by:warrenbuckles
ID: 22705620
Rolling back to the original configuration is a pretty drastic solution.  As P2E says, it will wipe out all user settings, data and software installed after the system was received.  In some cases it is the only solution - when a system is corrupted by failing hardware or severe malware infection (root kits, for example, although a reinstall may not remove some particularly nasty root kits).

I agree with P2E: the system sounds like it is running under a very heavy load.  You might want to wait on the reload until you have a better idea of the cause of the problem - if the system is just overloaded reloading the OS will not fix the problem.

I don't know how your system is set up - could you let us know what you have (Make/XP or Vista/CPU/RAM/HDD)?

Start Task Manager after the system is booted but not running anything besides the normal startup programs.  Look at the 'Performance' tab - see how much CPU load you have and what the memory usage is.  The TM graphic displays are a little  different in Vista and XP, but the text-based data in the 'Processes' tab shows the CPU time each process is using - you can sort by CPU time and see if one is hogging things (the idle process will always be on top - a computer spends most of its life waiting for something to do).

Once you have an idea of the system at idle, launch Outlook or your Webmail app and see if the freezeup is actually a case of the system getting loaded to the max and becoming unresponsive.  High system loading will slow down the Task Manager display update but you should be able to see some changes, albeit slowly.  If it's a real freezeup the Task Manager displays won't update at all, of course, and the 'Vulcan nerve pinch' Ctrl-Alt-Del combination will be ineffective.

If you have a real freezeup, a reload of the system software may or may not fix it - if it's happening in Outlook only you could reinstall Outlook.  Some system freezes in Webmail applications are caused by Internet Explorer toolbar applications (Yahoo toolbar apps, for example) - turn these off and see if that helps.

As far as other software goes, msconfig (do Start-Run-msconfig) is useful if you want to prevent some programs/services from starting at boot up.  In order for it to be effective you have to know what to look for - here's a tutorial on MSCONFIG:

http://www.netsquirrel.com/msconfig/msconfig_xp.html

and a more exhaustive description from Microsoft:

http://support.microsoft.com/kb/310560

Both of the above are directed at XP - if you have Vista there are other sites that would be useful - just Google on MSCONFIG.

wb
 
LVL 9

Expert Comment

by:Press2Esc
ID: 22707962
Task Manager 201...
  Click on the Processes tab.  There may be several column headings (e.g., Image Name, PID, User name, CPU, Memory Usage, etc.) - click on the CPU letters 2x. In percentage of CPU resources, you will see what resource(s) are taking up the CPU horsepower...  If System Idle Process is in the 90's, your likely NOT a running process.

At the very bottom of the Task Mgr Window, what numbers are listed at "Processes:" and "CPU Usage:"??

P2E
 

Author Comment

by:crm-serv
ID: 22711276
Thanks, I'll follow up with the guidance you have provided.
 

Author Closing Comment

by:crm-serv
ID: 31503696
I am sorry to say that the owner of the problem PC opted out on trying to solve the problem.

I thank you for what I consider to be very helpful guidance in an effort to correctly diagnose and fix the underlying problem.

I believe you provided clear and accurate suggestions for a solution and I regret that we could not confirm the results.

Again thank you all for your help with this.

crm-serv
 
LVL 9

Expert Comment

by:Press2Esc
ID: 22721809
It happens...  and understandably so.  PC issues can be extremely expensive & frustrating for non-technical and business end-users.  kinda, like a car that intermittently start up each time you turn the ignition key.   P2E
 
LVL 14

Expert Comment

by:warrenbuckles
ID: 22722510
' kinda, like a car that intermittently start up each time you turn the ignition key.  '

Yes, but you shouldn't replace the engine when that happens!