spam message

Kamalasekar Parthasarathy
Kamalasekar Parthasarathy used Ask the Experts™
on
Dear Team,

We received a spam message in all our 10000 users from abcs@domain.com but unfortunately one of our user had replied to that spam email and this replied email also has been sent to all our users again.

we checked the header of the message who replied and its mentioned To address is Abcs@domain.com.

Then how all our users had received that message. we need to investigate on this.. kindly advice
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Neil RussellTechnical Development Lead
Commented:
Firstlywho does the NEW spam message come from? From the user who replied or from Abcs@domain.com?

Did they do a reply or reply to all?

If it was sent to ALL 10,000 user in your domain and they have sensible usernames then I am guessing that your system has been compromised in some way. It is unlikely that an external spambot would "Guess" the username of all 10,000 users. Or do you have something really silly like an email alias/distribution group of ALL users?
Kamalasekar ParthasarathyMessaging Support

Author

Commented:
It came first from unknown domain abcs@domain.com but one of our user replied to that email and that reply message is generated to all of our users again.
Send subscribers an email to set that domain as spam. Simple fix..hopefully.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Dave HoweSoftware and Hardware Engineer

Commented:
Usually there is an insecured "all users" mailing list that is actually being addressed. looking at the tracking center for the original mail is usually the first hop.
Kamalasekar ParthasarathyMessaging Support

Author

Commented:
Hi All....

The replied person is confirming that he just reply only to avcs@domain.com and how come its generated to all the user in our organization.

Please Note ther is No DL's in that emails addresses. Need to investigate and how to dig into this issue.

We have done the fix but need to investigate how its generated to all the users.
Software and Hardware Engineer
Commented:
the recipient outlook displays to you need not be the recipient the mail arrived as "for" - most spammers will try to conceal use of a all users distribution list as long as possible. ideally, you should check over any internal lists with obvious names and ensure they are not addressable from outside the organization unless that is their purpose (so generics like "sales@")

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial