Solved

How do I find out where in the network an email originated from

Posted on 2011-09-16
Last Modified: 2012-05-12
Hi all,
Of late I have been having a problem: one of the users in my network has been receiving delivery failure messages, yet he hasn't sent any emails out. Even when his computer is off, messages are still being sent from his account. I am able to find the emails in the Message Tracking Center in the Exchange System Manager. Is there a way of tracking the specific location in the network that the email originated from?
Question by:Petersennik
Accepted Solution

by:
netjgrnaut earned 1000 total points
ID: 36549303
Are you sure you're finding the original *outbound* email in the MT, and not just the inbound NDRs (which correspond to the messages your user is showing you)?

This sort of thing is most often the result of spam being sent from other systems with a forged Reply-To or <MailFrom> address in the header.  This results in NDRs being sent to random people (instead of clogging up the spamming host with return traffic it doesn't care about).

If that's the case, there's virtually no way to determine the origin of the messages with the forged Reply-To.  If you're lucky, you'll get an NDR with a detailed SMTP transcript in the body.  If you get one of those, let me know...

Other than that, you can bet that this is the result of:
a) a machine not even on your network that has been infected with malware, where the machine user has *your* user's email address on file.
...or...
b) the result of your user's email address having been harvested (or stolen) from some web form somewhere - where the data was entered by your user (to sign up for something, or whatever).

Either way, you're probably not looking at a root cause you can do anything about.
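
When an NDR does return the original message or its headers, the check can be scripted. This is an added example, not part of the original answer: it reads the top-most Received line of the returned message and tests whether the bouncing server received it from your address space. `INTERNAL_NETS`, the sample NDR and every address in it are constructed assumptions.

```python
import email, ipaddress, re
from email import policy

# Assumption: our own address space, including outbound relays (constructed values).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "203.0.113.0/24")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IPv4 literal, e.g. [198.51.100.77]

# Constructed sample NDR carrying the original message's headers.
SAMPLE_NDR = """\
From: MAILER-DAEMON@mx.example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/rfc822-headers

Received: from pc ([198.51.100.77]) by mx.example.net; Fri, 16 Sep 2011 08:00:00 +0000
From: user@example.com
--b1--
"""

def original_headers(ndr_text):
    """Headers of the bounced message embedded in the NDR, or None if absent."""
    msg = email.message_from_string(ndr_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)  # full original message attached
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def handoff_ip(headers):
    """Client IP in the top-most Received line, written by the server that bounced the mail."""
    received = headers.get_all("Received", [])
    m = IP_RE.search(str(received[0])) if received else None
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:  # octets out of range
        return None

def classify(ndr_text):
    headers = original_headers(ndr_text)
    ip = handoff_ip(headers) if headers is not None else None
    if ip is None:
        return "undetermined: NDR carries no usable Received header"
    if any(ip in net for net in INTERNAL_NETS):
        return f"sent via our network: {ip}"
    return f"external origin, likely forged sender: {ip}"

print(classify(SAMPLE_NDR))
```

Only the top-most Received line is used because it was written by the server that generated the bounce; lines below it were supplied by the sender and can be forged.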