How did this spam happen?

This is an example of spam that either comes from or is to
I have a spam rule for spoofed addresses in ESET NOD32 for Exchange and it does not get tripped.
There must be a way to see the "real" information: how does it know to send this to a Who is it really from???

99.9% of the fictitious contain a virus and are caught before they get to the user. This one was clean, so it got through.

We do NOT have the Exchange Edge role installed.

Received: from ( by
 ( with Microsoft SMTP Server (TLS) id; Tue, 13 Dec 2011
 11:19:21 -0500
Received: from [] ([])      by
 (8.13.8/8.13.8) with ESMTP id pBDE0NZK030057;      Tue, 13 Dec 2011 09:00:25 -0500
 (EST)      (envelope-from
Received: from [] (account HELO
 by (CommuniGate Pro SMTP 5.4.0) with ESMTPA id 450891943 for
 <>; Tue, 13 Dec 2011 07:19:22 +0700
From: <>
To: <>
Subject: Fwd: Re: Order K01040688
Date: Tue, 13 Dec 2011 07:19:22 +0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: Aca6QPZXM2Y2Z0KFGE78TAKVTZX71B==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3264
Message-ID: <809901ccb9ed$a5914310$728dfeb4@GLEASONMALORIE>
X-MS-Exchange-Organization-SCL: 5
X-EsetResult: clean, is OK
X-EsetId: 1FD3A322D84AB0304990F9
setasoujiro Commented:
There could be numerous ways; someone could send a bunch of emails to everypossiblename@yourdomain, and the ones that don't give an NDR are valid email addresses. It's called directory harvesting.

The mails from fictitious users can be sent by anyone; anyone can send a mail and set the "from" field to

However seems to be the originating IP
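The delivery mailbox comes from the SMTP envelope (RCPT TO), not from the To: header, and relays often record it in the `for <...>` and `envelope-from` parts of the Received lines. The following is an added example, not part of the original thread, that reads a header block oldest hop first and compares the envelope values with the visible From/To. Every host, address and IP in the sample is a constructed placeholder.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: every host, address and IP below is a placeholder.
SAMPLE = """\
Received: from gw.example.net (192.0.2.10) by mail.example.org
 (192.0.2.20) with Microsoft SMTP Server (TLS) id 1.2.3; Tue, 13 Dec 2011
 11:19:21 -0500
Received: from [198.51.100.7] ([198.51.100.7]) by gw.example.net
 (8.13.8/8.13.8) with ESMTP id pEXAMPLE000001; Tue, 13 Dec 2011 09:00:25 -0500
 (EST) (envelope-from bounce@sender.example)
Received: from [203.0.113.5] (account relay@sender.example HELO host)
 by mx.sender.example (CommuniGate Pro SMTP 5.4.0) with ESMTPA id 1 for
 <realuser@example.org>; Tue, 13 Dec 2011 07:19:22 +0700
From: <fake.sender@example.org>
To: <fake.recipient@example.org>
Subject: constructed sample

body
"""

FOR_RE = re.compile(r"\bfor\s+<([^>]+)>", re.I)
ENV_RE = re.compile(r"envelope-from\s+<?([^\s>)]+)", re.I)
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def analyze(raw):
    msg = message_from_string(raw)
    # Each relay prepends its Received header, so reverse to read oldest first.
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    joined = " ".join(hops)
    env_from = ENV_RE.search(joined)
    rcpts = sorted({r.lower() for r in FOR_RE.findall(joined)})
    visible = {a.lower() for _, a in
               getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    ip = IP_RE.search(hops[0]) if hops else None
    return {
        # Hops below your own servers are written by the sender and can be forged.
        "claimed_origin_ip": ip.group(0) if ip else None,
        "envelope_from": env_from.group(1) if env_from else None,
        "envelope_rcpts": rcpts,
        "header_from": parseaddr(msg.get("From", ""))[1],
        "header_to": sorted(visible),
        # True when mail was delivered to someone the visible headers never name.
        "rcpt_not_in_headers": any(r not in visible for r in rcpts),
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

When no hop recorded a `for` clause, the envelope recipient is only available in the receiving server's own logs.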
johnj_01201 (Author) Commented:
Well in this case, BOTH the sender and the recipient are fake, but a REAL user got it in their mailbox. How did it know to go into a specific mailbox when the mailbox is not listed in the header?
johnj_01201 (Author) Commented:
I forgot I posted a different SPAM question a couple of weeks ago. The answer I needed was there.

This link explains how to find and read the Exchange mail log files.
johnj_01201 (Author) Commented:
question will not close
Question has a verified solution.