Solved

How do I find out where from the network an email originated from

Posted on 2011-09-16
Last Modified: 2012-05-12
Hi all,
Of late I have been having a problem: one of the users in my network has been receiving delivery failure messages, yet he hasn't sent any emails out. Even when his computer is off, messages are still being sent from his account. I am able to find the emails in the message tracking center in the Exchange System Manager. Is there a way of tracking the specific location in the network that the email originated from?
Question by:Petersennik
Accepted Solution

by: netjgrnaut (LVL 6), earned 250 total points
ID: 36549303
Are you sure you're finding the original *outbound* email in the MT, and not just the inbound NDRs (which correspond to the messages your user is showing you)?

This sort of thing is most often the result of spam being sent from other systems with a forged Reply-To or <MailFrom> address in the header.  This results in NDRs being sent to random people (instead of clogging up the spamming host with return traffic it doesn't care about).

If that's the case, there's virtually no way to determine the origin of the messages with the forged Reply-To.  If you're lucky, you'll get an NDR with a detailed SMTP transcript in the body.  If you get one of those, let me know...

Other than that, you can bet that this is the result of:
a) a machine not even on your network that has been infected with malware, where the machine user has *your* user's email address on file.
...or...
b) the result of your user's email address having been harvested (or stolen) from some web form somewhere - where the data was entered by your user (to sign up for something, or whatever).

Either way, you're probably not looking at a root cause you can do anything about.
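The answer above points to the NDR itself as the only likely evidence. As an added example (not part of the original thread), this Python code pulls the original message's Received headers out of an NDR that returns them (the optional third part of an RFC 3464 multipart/report) and checks whether any recorded hop belongs to your own mail servers. `OUR_NETS`, the function names and the sample NDR are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

OUR_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumption: your mail servers' ranges
OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
IPV4 = re.compile(rf"\[({OCTET}(?:\.{OCTET}){{3}})\]")  # bracketed IPv4 literals only

# Constructed sample NDR (RFC 3464 multipart/report); all values are made up.
SAMPLE_NDR = """\
From: MAILER-DAEMON@mx.example.net
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1
--b1
Content-Type: text/rfc822-headers

Received: from pc ([203.0.113.77]) by mx.example.net; Fri, 16 Sep 2011 08:00:00 +0000
From: user@example.org
--b1--
"""

def returned_hops(ndr_text):
    """IPv4 addresses in the returned message's Received headers, newest hop first."""
    for part in email.message_from_string(ndr_text, policy=policy.default).walk():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":    # only the headers came back
            inner = email.message_from_string(part.get_content())
        elif ctype == "message/rfc822":       # the whole original came back
            inner = part.get_payload(0)
        else:
            continue
        return [ipaddress.ip_address(lit) for h in inner.get_all("Received", [])
                for lit in IPV4.findall(str(h))]
    return []

def relayed_by_us(ndr_text):
    """None if the NDR returned no hops, else True when any hop lies in OUR_NETS."""
    hops = returned_hops(ndr_text)
    return any(ip in net for ip in hops for net in OUR_NETS) if hops else None
```

Only the newest Received line, written by the server that generated the bounce, is reliable; older lines can be forged by the sender. A `False` result with an external newest hop is consistent with the forged-sender NDRs the answer describes.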
