A customer of mine keeps getting spam emails from email@example.com to firstname.lastname@example.org. They are using Trend Micro's Hosted Email Security for their spam. A policy is active to block *@theirdomain.net to *@theirdomain.net
Normally this would stop the spoofing, but the mails keep getting through. The strange thing is that the mailheaders don't point out that this mail is being filtered by trend micro. Maybe a client is infected with a virus that keeps sending spam?
This is the mailheader from the emails:
Received: from 184.108.40.206.BTI.NET.PH (220.127.116.11) by buro.theirdomain.net
(192.168.0.1) with Microsoft SMTP Server id 18.104.22.168; Wed, 10 Aug 2011
Received: from 22.214.171.124 (account <email@example.com> HELO theirdomain.net) by
theirdomain.net (CommuniGate Pro SMTP 5.2.3) with ESMTPA id 264460314 for
<firstname.lastname@example.org>; Wed, 10 Aug 2011 15:48:22 +0800
From: info <email@example.com>
To: info <firstname.lastname@example.org>
Date: Wed, 10 Aug 2011 09:48:22 +0200
Subject: Job Proposal
Thread-Topic: Job Proposal
received-spf: None (SBS.theirdomain.local: email@example.com does not designate
permitted sender hosts)
Content-Type: text/plain; charset="us-ascii"
I hope some of you can shed a light on this.