My client's, let's call them company X, incoming email (pop) and
websites are managed by a third party, let's call them company Y.
This past week, Y has been receiving alerts indicating that two
of X's email addresses have been sending spam (approx 800
Our first approach was to change the passwords for these two
accounts which are managed by the service provider who manages
X's domain. Result: no difference.
Incidently I called the service provider to see if the spam is actually
transiting via its smtp servers: nada, clean as a whistle.
I'm trying to get more precise info from Y because the little I have is not
enough to try any feasible attempt at preventing these emissions.
If I understand things correctly:
a) I could spoof my sender's address in order to fool the receivers
in thinking that I infact belong to X
b) I could change the reply address so that any response would be
directed at company X
c) A virus could be present on one of X's computers which is using
Outlook's address book to spam X's contacts, while also pretending
to be an X recipient
The two incrimintated email addresses belong to a Macintosh (OS X Lion)
and an WinXP computers. The Windows computers at X are all protected
with Symantec Endpoint Protection SBE.
In cases a) and b) even though I hope I'm wrong, I feel pretty powerless
to prevent such an activity.
Well, your ideas as usual may help me look in the right direction while I
await the call from Y to explain to me how they have come across these
complaints, figures, warnings...basically, not sure what yet !