
Email addressee differs from recipient.

Many of my users have been receiving spam recently, and I was trying to find some commonality between the messages for filtering. When I view the headers, the addressee in the TO: field differs from the actual recipients.

Specifically, this message is addressed to a8gprovidential@dr-mn.com, but when I track the message using the system manager, it lists three valid recipients. I need to understand why they differ and how I can block this.

Thank you.
Microsoft Mail Internet Headers Version 2.0
Received: from slot5.h-pmx-msp-11.binc.net ([64.73.152.173]) by exchange.daytonrogers.com with Microsoft SMTPSVC(6.0.3790.3959);
	 Sun, 19 Apr 2009 05:05:38 -0500
Received: from slot5.h-pmx-msp-11.binc.net (slot5.h-pmx-msp-11.binc.net [10.0.1.173])
	by postfilter.slot5.h-pmx-msp-11.binc.net (Postfix) with SMTP id B996320205;
	Sun, 19 Apr 2009 05:05:37 -0500 (CDT)
Received: from smtp10.roc2.gblx.net (smtp10.roc2.gblx.net [64.215.96.116])
	by slot5.h-pmx-msp-11.binc.net (Postfix) with ESMTP id 36190201F3;
	Sun, 19 Apr 2009 05:05:25 -0500 (CDT)
Received: (from daemon@localhost)
	by smtp10.roc2.gblx.net (8.12.10+Sun/8.12.10) id n3JA5BDq002231;
	Sun, 19 Apr 2009 10:05:11 GMT
Received: from albatrosow2.piaseczno.robbo.pl(194.106.193.201)
 via SMTP by smtp10.roc2.gblx.net, id smtpdAAALbaGFd; Sun Apr 19 10:05:08 2009
Message-ID: <000d01c9c0d6$1b4ee760$6400a8c0@hatched3>
From: "Ladonna Knutson" <hatched3@glasbau-hahn.de>
To: <a8gprovidential@dr-mn.com>
Subject: Hormonal remedies help to satisfy your body needs.
Date: Sun, 19 Apr 2009 12:03:37 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0007_01C9C0D6.1B4EE760"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-PMX-Version: 5.3.1.294258, Antispam-Engine: 2.5.0.283055, Antispam-Data: 2009.4.19.93417
X-BEEPS: 0.0/6.0 () HTML_MESSAGE=0.001
X-PerlMx-Spam: Gauge=XIIIII, Probability=15%, Report='RATWARE_MSGID_FROM 1, INTERIA_PL_URI 0.5, HTML_70_90 0.1, KNOWN_FREEWEB_URI 0.05, INVALID_MSGID_NO_FQDN 0, TO_NO_NAME 0, USER_AGENT_OE 0, __CP_URI_IN_BODY 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __CTYPE_MULTIPART_ALT 0, __HAS_MSGID 0, __HAS_MSMAIL_PRI 0, __HAS_X_MAILER 0, __HAS_X_PRIORITY 0, __KNOWN_FREEWEB_URI1 0, __MIME_HTML 0, __MIME_VERSION 0, __OUTLOOK_MSGID_1 0, __OUTLOOK_MUA 0, __OUTLOOK_MUA_1 0, __SANE_MSGID 0, __TAG_EXISTS_HTML 0, __TO_MALFORMED_2 0, __USER_AGENT_MS_GENERIC 0, __list.dsbl.org_TIMEOUT '
Return-Path: hatched3@glasbau-hahn.de
X-OriginalArrivalTime: 19 Apr 2009 10:05:38.0338 (UTC) FILETIME=[639A9820:01C9C0D6]
 
------=_NextPart_000_0007_01C9C0D6.1B4EE760
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
 
------=_NextPart_000_0007_01C9C0D6.1B4EE760
Content-Type: text/html;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
 
 
------=_NextPart_000_0007_01C9C0D6.1B4EE760--

0
leviatdr
Asked:
 
Mestha Commented:
You cannot rely on the headers when it comes to spam - it will all be false.
The most common spammer's trick is to put the recipients in the BCC line, which of course you will not see in the headers.

There is no easy way to block spam; if there was, it wouldn't be such a problem. Your antispam application should be able to detect the messages and remove them.

Simon.
0
 
tprpics Commented:
Leviatdr,

This is typical when the spammer is blind carbon copying valid recipients in your domain. As for how to block it, I don't know of a way to do this in Exchange.
0
 
leviatdr Author Commented:
I forgot about the BCC field. Thanks for the prompt answers.
0
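
What the answers above describe, as an added example that is not part of the original thread: SMTP delivers to the envelope recipients given in RCPT TO, which are independent of the To: header a mail client displays. The three RCPT TO addresses are constructed placeholders (the thread does not list the real ones) and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed SMTP transaction: the From/To/Subject lines are quoted from the
# question; the RCPT TO addresses are placeholders, not the real recipients.
SAMPLE_SESSION = """\
MAIL FROM:<hatched3@glasbau-hahn.de>
RCPT TO:<user1@example.com>
RCPT TO:<user2@example.com>
RCPT TO:<user3@example.com>
DATA
From: "Ladonna Knutson" <hatched3@glasbau-hahn.de>
To: <a8gprovidential@dr-mn.com>
Subject: Hormonal remedies help to satisfy your body needs.

(body omitted)
"""


def split_session(session):
    """Return (envelope recipients, message text) from a client-side SMTP log."""
    commands, _, message = session.partition("\nDATA\n")
    rcpts = re.findall(r"^RCPT TO:\s*<([^>]+)>", commands, re.I | re.M)
    return [r.lower() for r in rcpts], message


def header_recipients(message):
    """Addresses a mail client displays: everything in To: and Cc:."""
    msg = message_from_string(message)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _name, addr in getaddresses(fields) if addr}


def hidden_recipients(session):
    """Envelope recipients that are named in no visible header (the BCC case)."""
    rcpts, message = split_session(session)
    visible = header_recipients(message)
    return [r for r in rcpts if r not in visible]


def looks_like_blind_copy(session, min_rcpts=2):
    """Heuristic: several envelope recipients and none of them is in To:/Cc:."""
    rcpts, _ = split_session(session)
    return len(rcpts) >= min_rcpts and hidden_recipients(session) == rcpts


if __name__ == "__main__":
    print(hidden_recipients(SAMPLE_SESSION), looks_like_blind_copy(SAMPLE_SESSION))
```

Legitimate BCC and mailing-list mail match the same pattern, so the result is a scoring signal for a filter rather than a block rule on its own.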
