Solved

email spam question

Posted on 2013-01-22
Last Modified: 2013-01-24
There are 2 cases I have faced with 2 email spam issues.
One is that the user has Outlook installed on his computer, and for some reason he keeps getting a bounceback from the local Exchange postmaster saying:
The message or an attachment did not reach the intended recipient(s).
   Subject: To all Employees - Confidential Message
      From: message@securebank.com
        To: luc@abc.com
      Date: Thu, 17 Jan 2013 07:39:23 -0700
    Reason: attachment type policy violation (To ALL Employees.exe)
    Action: deny
------------------------------------------------------------------------------------------------------------
The user never sent to message@securebank.com and no virus or spamware was found on his computer. It seems someone spoofed his email address. How could the spammer have found his email address?

The 2nd one is a different user; he only uses Gmail, and he only uses the webmail. He installed the Firefox extension to notify him of new emails. For some reason, he is sending spam to all his contacts. How can this happen?
0
Question by:okamon
6 Comments
 
LVL 99

Accepted Solution

by:
John Hurst earned 675 total points
ID: 38806440
First case: Spammers scour the web for any email addresses they can get. I see all kinds of spam (never into Outlook) that uses my email address and purports to be some legitimate company. It will point to a dodgy website - never deceive yourself on this.

Second case: The user has gone somewhere dodgy and the website has infected the smtp setup causing email to be sent to the user's contact list. I see this as much with Outlook as with gmail.

... Thinkpads_User
0
 
LVL 12

Assisted Solution

by:Gary Coltharp
Gary Coltharp earned 675 total points
ID: 38806455
The first case is email spoofing... spammers can spoof the sender's address quite easily. If they are able to glean the address from the internet, they just insert it in the sender field. When any spam emails fail to reach the destination, the spoofed sender gets the NDR, not the spammer.

The second is a primary reason for not using web based email accounts to store contacts. When the browser gets compromised, there go your contacts.
0
 

Author Comment

by:okamon
ID: 38807038
>> the website has infected the smtp setup causing email to be sent to the user's contact list

The Gmail is not set up using Outlook or any email client. The user only uses the Gmail webmail.
So how is the SMTP setup causing the issue?

>>When the browser gets compromised, there go your contacts...

But Gmail should end the session itself after a certain period, so how did they get access?
Is it the webmail Firefox plugin I use that is causing it? I checked the sent items in Gmail, and it looks like it was sent from Gmail, not spoofed! Should I change the password ASAP?
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 38807081
I cannot tell you all the ways spammers compromise smtp servers (there are so many ways), but the likely way is a dodgy email (looks good, but with a virused attachment). It could be doing this through the user's Outlook if contacts are the same in both. Also, even though they are using web mail, they are using it through their browser.

>> is it the webmail firefox plugin I ....  should I change password asap?

I would and use a fairly difficult password to be sure.

Also make sure the users are using a good, corporate level, paid antivirus tool.  If they are using Windows 7, make sure UAC is turned on. People love to click dodgy links ("Let me speed up your computer"). This will concentrate on stopping the problem rather than trying to determine how it occurred.

.... Thinkpads_User
0
 
LVL 12

Expert Comment

by:Gary Coltharp
ID: 38807195
All they need to do is compromise the browser to get the contacts. Once that is done, they can send the email spoofed as anyone. I could send you an email right now with an email of mickeymouse@disneyland.com and your mail client would not know the difference.
0
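The two cases in this thread (a spoofed From: address versus mail really sent through the user's account) can be told apart on the receiving side from the Authentication-Results header; the following is an added example, not code from any poster in the thread. The server name `mx.example.org`, the result labels and the sample messages are constructed assumptions; a "from-real-domain" verdict on a spam message points to a compromised account rather than spoofing.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = "mx.example.org"  # assumption: authserv-id of your own receiving server

def from_domain(msg):
    """Domain of the visible From: address (the part a sender can set freely)."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def trusted_results(msg, authserv_id=TRUSTED):
    """Join only the Authentication-Results headers stamped by our own server;
    copies already present when the message arrived prove nothing."""
    keep = []
    for value in msg.get_all("Authentication-Results", []):
        head = value.split(";", 1)[0].split()
        if head and head[0].lower() == authserv_id:
            keep.append(value)
    return " ; ".join(keep)

def classify(raw, authserv_id=TRUSTED):
    msg = message_from_string(raw)
    results = trusted_results(msg, authserv_id)
    if not results:
        return "unverified"          # no verdict recorded: From: proves nothing
    if re.search(r"\bdmarc=pass\b", results, re.I):
        return "from-real-domain"
    # Without a DMARC verdict, a pass counts only if it is for the From: domain
    # (strict alignment here; relaxed alignment would also accept subdomains).
    passed = re.findall(
        r"\bspf=pass\b[^;]*?smtp\.mailfrom=(?:[^\s;@]*@)?([^\s;]+)", results, re.I)
    passed += re.findall(r"\bdkim=pass\b[^;]*?header\.d=([^\s;]+)", results, re.I)
    if from_domain(msg) in (d.lower() for d in passed):
        return "from-real-domain"
    return "spoofed"

# Constructed sample messages (not taken from the thread).
SPOOFED = (
    "Authentication-Results: mx.example.org; spf=softfail\n"
    " smtp.mailfrom=bulk@mailer.example.net; dkim=none; dmarc=fail\n"
    "From: Luc <luc@example.com>\nSubject: To all Employees\n\nbody\n")
REAL_ACCOUNT = (
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=luc@example.com;\n"
    " dkim=pass header.d=example.com; dmarc=pass header.from=example.com\n"
    "From: luc@example.com\nSubject: hi\n\nbody\n")
```

A DKIM or SPF pass for some other domain does not authenticate the From: address, which is why the function checks alignment instead of accepting any pass.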
 
LVL 99

Expert Comment

by:John Hurst
ID: 38815562
@okamon - Thank you and I was pleased to help you with this.
.... Thinkpads_User
0
