Solved

How do i find out where from the network an email originated from

Posted on 2011-09-16
1
234 Views
Last Modified: 2012-05-12
Hi all,
Of late i have been having a problem, one of the users in my network has been receiving delivery failure messages yet he hasn't sent any emails out. Even when his computer is off messages still are being sent from his account. I am able to find the emails in the message tracking center in the exchange system manager. Is there a way of tracking the specific location in the network that the email originated from?
0
Comment
Question by:Petersennik
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 6

Accepted Solution

by:
netjgrnaut earned 250 total points
ID: 36549303
Are you sure you're finding the original *outbound* email in the MT, and not just the inbound NDR (which correspond to the messages your user is showing you)?

This sort of this is most often the result of spam being sent from other systems with a forged Reply-To or <MailFrom> address in the header.  This results in NDRs being sent to random people (instead of clogging up the spamming host with return traffic it doesn't care about).

If that's the case, there's virtually no way to determine the origin of the messages with the forged Reply-To.  If you're lucky, you'll get an NDR with a detailed SMTP transcript in the body.  If you get one of those, let me know...

Other than that, you can bet that this is the result of:
a) a machine not even on your network that has been infected with malware, where the machine user has *your* user's email address on file.
...or...
b) the result of your user's email address having been harvested (or stolen) from some web form somewhere - where the data was entered by your user (to sign up for something, or whatever).

Either way, you're probably not looking at a root cause you can do anything about.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
EXCHANGE, SPF 2 55
exchange 16 49
Outlook 2016 connecting to SBS 2011 (Exchange 2010) 2 47
MS Exchange 2016 license 5 34
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question