Link to home
Start Free TrialLog in
Avatar of Yann Shukor
Yann ShukorFlag for France

asked on

someone is using our addresses to send spam


My client's, let's call them company X, incoming email (pop) and
websites are managed by a third party, let's call them company Y.

This past week, Y has been receiving alerts indicating that two
of X's email addresses have been sending spam (approx 800
per day)

Our first approach was to change the passwords for these two
accounts which are managed by the service provider who manages
X's domain. Result: no difference.

Incidently I called the service provider to see if the spam is actually
transiting via its smtp servers: nada, clean as a whistle.

I'm trying to get more precise info from Y because the little I have is not
enough to try any feasible attempt at preventing these emissions.

If I understand things correctly:

a) I could spoof my sender's address in order to fool the receivers
    in thinking that I infact belong to X
b) I could change the reply address so that any response would be
    directed at company X
c) A virus could be present on one of X's computers which is using
    Outlook's address book to spam X's contacts, while also pretending
    to be an X recipient

The two incrimintated email addresses belong to a Macintosh (OS X Lion)
and an WinXP computers. The Windows computers at X are all protected
with Symantec Endpoint Protection SBE.

In cases a) and b) even though I hope I'm wrong, I feel pretty powerless
to prevent such an activity.

Well, your ideas as usual may help me look in the right direction while I
await the call from Y to explain to me how they have come across these
complaints, figures, warnings...basically, not sure what yet !


Avatar of Jaroslav Mraz
Jaroslav Mraz
Flag of Slovakia image


anyone can send emails as you but cant use your IP adress but good antispam filter see that the e-mail is not send from your server by DNS control and asking of server. It calld SPF and Caller ID. See more here

How trojan comes to your e-mail. There are more solutions how to do that. From facebook apps, linkedin import contacts, hack your online account on some free mail to just simple try and gernerating via dictionary of know names ...
Avatar of Raiduu
Flag of Estonia image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Yann Shukor



thanks for both your answers
You are right, right now the only thing I can do is
to scan the computers at X to clear ay suspicions on
their part.

The contact belonging to the service provider, and dealing
with our specific issue, will be back on Monday

will keep you posted