First off Merry Christmas!
Quick query regarding an interesting spam issue I'm observing at work. We use Exchange 2007 and we have a Proofpoint edge device for spam filtration purposes. For the record - the Proofpoint unit has been great as long as I've used it - approx 10 months - and has generally done a great job at holding spam at bay. It auto updates, and any functional issues are quickly addressed by Proofpoint support.
I hadn't known much about Proofpoint but research and colleague accounts show that it is comparable to a Barracuda unit etc. I'm more used to using 3rd party solutions like Message Labs in previous workplaces.
Anyhow - not sure if the festive season means spammers put in extra hours or something - but we've had one particular email - titled 'RE: CV' go around like wildfire. It is targeting only some accounts - then sends itself from those same accounts to other members of the sender's contact list. Interesting enough - it seems to be targeting old addresses mainly - people who are no longer with the business and dont even have an AD or Exchange account anymore.
Basically the behaviour is that it will send itself from internal address 'email@example.com' to the same internal address ie. 'firstname.lastname@example.org' as well as other now stagnant addresses- and it will do it ten times in a row before seemingly taking a rest and pushing off to another account where it will do the same thing over and over.
Virus scans on mail servers etv have all come up clear. I've checked for any open relays and all the usual processes in these kind of events but I'm drawing blanks.
It's just got me bedazzled that it's this one single same spam email. The Proofpoint quarantined list shows this email also being blocked many may times during the same time period - otherwise some of it is trickling through and sending again and again.
Anyone seen this before? Is is a passing thing or something more sinister?
Any advice would go much appreciated! Thanks - Nick.