WPI Help

External user sending email On Behalf Of internal user

I'm a bit puzzled at how this is happening:

We have an external customer who is sending email FROM their email address, On Behalf Of one of our internal email addresses. So, for example, let's say "Nick" is the external customer, "Todd" is an internal employee, and "Greg" is an internal employee. Nick@external.com sent an email to Greg@internal.com On Behalf Of Todd@internal.com.

How in the world can Nick (being an external customer) send email to a 3rd person, on behalf of one of our internal users???

I double checked the security tab in AD for our internal users and nothing seems out of place. We can only select from our GAL in Outlook for delegation, so I don't think the user was able to grant Nick send on Behalf permission.

Any thoughts?
anhnt184

It is impossible. You cannot do that unless the external domain and the internal domain are trusted.
Nothing to do with permissions.
This can be easily done by false SMTP headers which are interpreted by Outlook as Send on Behalf of.
When it comes to email from outside you cannot trust the From headers. You can put anything you like in to them, as spammers well know.

Simon.
WPI Help (ASKER)

Right. Those are my thoughts, but somehow this external user is sending email
From: Nick [Nick@external.com] On Behalf Of Todd@internal.com

On the incoming message header, it shows:
From: <Todd@internal.com>
Sender: "Nick" <nick@external.com>
To: <greg@internal.com>
ASKER CERTIFIED SOLUTION
Mestha

This solution is only available to members.
I could send you an email that says From Steve Jobs on Behalf of Bill Gates if you like!

Simon.
I understand how spoofing works, I just find it REALLY hard to believe that a VP of construction is messing with SMTP headers.
I was explaining how it could be done. However that isn't to say that whatever email client is being used at the other end will create an email message that does the same thing.

Simon.
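
The header pair quoted in this thread (an internal address in From:, an external address in Sender:) is what Outlook displays as "On Behalf Of". The following is an added example, not part of any post above: a check a mail admin could run over messages received from the internet to flag that pair. The `INTERNAL_DOMAINS` value, the function names and the sample message are assumptions built from the addresses used in the question.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organisation's own mail domains (taken from the thread's example).
INTERNAL_DOMAINS = {"internal.com"}

def _addr(header_value):
    """Return the bare, lower-cased address from a header value, or ''."""
    return parseaddr(header_value or "")[1].lower()

def _domain(addr):
    """Return the domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2] if "@" in addr else ""

def classify(raw_message):
    """Classify a message that arrived from the internet by its From/Sender pair.

    'external-on-behalf-of-internal': Sender is external, From claims an internal user
    'on-behalf-of':                   Sender and From differ, From is not internal
    'internal-from-on-inbound':       From claims an internal user, no distinct Sender
    'plain':                          nothing unusual in these two headers
    """
    msg = message_from_string(raw_message)
    from_addr = _addr(msg.get("From"))
    sender_addr = _addr(msg.get("Sender"))
    from_internal = _domain(from_addr) in INTERNAL_DOMAINS

    # A Sender that differs from From is what mail clients render as "on behalf of".
    if sender_addr and sender_addr != from_addr:
        if from_internal and _domain(sender_addr) not in INTERNAL_DOMAINS:
            return "external-on-behalf-of-internal"
        return "on-behalf-of"
    if from_internal:
        return "internal-from-on-inbound"
    return "plain"

# Constructed sample: the headers quoted by the asker, plus an empty body.
SAMPLE = (
    "From: <Todd@internal.com>\n"
    'Sender: "Nick" <nick@external.com>\n'
    "To: <greg@internal.com>\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(classify(SAMPLE))
```

The check only reads the two headers, so it says how the message will be displayed, not who actually wrote it or what software produced it.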