Solved

email spam question

Posted on 2013-01-22
Last Modified: 2013-01-24
There are 2 cases I have faced with 2 email spam issues.
In one, the user has Outlook installed on his computer and for some reason he keeps getting bouncebacks from the local Exchange postmaster saying:
The message or an attachment did not reach the intended recipient(s).
   Subject: To all Employees - Confidential Message
      From: message@securebank.com
        To: luc@abc.com
      Date: Thu, 17 Jan 2013 07:39:23 -0700
    Reason: attachment type policy violation (To ALL Employees.exe)
    Action: deny
------------------------------------------------------------------------------------------------------------
The user never sent to message@securebank.com and no virus or spamware was found on his computer. It seems someone spoofed his email address. How could the spammer have found his email address?

The 2nd one is a different user. He only uses Gmail, and only the webmail. He installed a Firefox extension to notify him of new emails. For some reason, he is sending spam to all his contacts... how can this happen??
0
Question by:okamon
LVL 96

Accepted Solution

by:
Experienced Member earned 225 total points
ID: 38806440
First case: Spammers scour the web for any email addresses they can get. I see all kinds of spam (never into Outlook) that uses my email address and purports to be some legitimate company. It will point to a dodgy website - never deceive yourself on this.

Second case: The user has gone somewhere dodgy and the website has infected the smtp setup causing email to be sent to the user's contact list. I see this as much with Outlook as with gmail.

... Thinkpads_User
0
 
LVL 12

Assisted Solution

by:Gary Coltharp
Gary Coltharp earned 225 total points
ID: 38806455
The first case is email spoofing... spammers can spoof the sender's address quite easily. If they are able to glean the address from the internet, they just insert it in the sender field. When any spam emails fail to reach the destination, the spoofed sender gets the NDR, not the spammer.

The second is a primary reason for not using web based email accounts to store contacts. When the browser gets compromised, there go your contacts.
0
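Added example, not part of the original thread: a small triage helper for a postmaster notice in the format quoted in the question. It reads the From/To/Reason/Action fields and reports whether the local address appears as the sender or as the recipient of the rejected message. The function names and the list of risky extensions are assumptions made for this example.

```python
import re
from email.utils import parseaddr

# Notice text as quoted in the question on this page.
NOTICE = """\
The message or an attachment did not reach the intended recipient(s).
   Subject: To all Employees - Confidential Message
      From: message@securebank.com
        To: luc@abc.com
      Date: Thu, 17 Jan 2013 07:39:23 -0700
    Reason: attachment type policy violation (To ALL Employees.exe)
    Action: deny
"""

# Assumption: extensions a mail gateway would treat as executable content.
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".js", ".vbs"}
FIELD_RE = re.compile(r"^\s*(Subject|From|To|Date|Reason|Action):\s*(.*)$")


def parse_notice(text):
    """Return the 'Field: value' lines of a postmaster notice as a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1).lower()] = m.group(2).strip()
    return fields


def triage(text, local_domain):
    """Classify the notice by which side of the rejected message is local."""
    f = parse_notice(text)
    sender = parseaddr(f.get("from", ""))[1].lower()
    rcpt = parseaddr(f.get("to", ""))[1].lower()
    suffix = "@" + local_domain.lower()
    if sender.endswith(suffix):
        direction = "local-sender"      # sent, or spoofed, as a local address
    elif rcpt.endswith(suffix):
        direction = "local-recipient"   # inbound mail stopped by policy
    else:
        direction = "unrelated"
    # Pull the attachment name out of "... (name.ext)" in the Reason line.
    m = re.search(r"\(([^()]*)\)\s*$", f.get("reason", ""))
    attachment = m.group(1) if m else None
    ext = "." + attachment.rsplit(".", 1)[1].lower() if attachment and "." in attachment else ""
    return {"direction": direction, "sender": sender, "recipient": rcpt,
            "attachment": attachment, "risky_attachment": ext in RISKY_EXT,
            "action": f.get("action")}
```

For the notice in the question, `triage(NOTICE, "abc.com")` reports `local-recipient` with a risky `.exe` attachment and action `deny`.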
 

Author Comment

by:okamon
ID: 38807038
>> the website has infected the smtp setup causing email to be sent to the user's contact list

The Gmail is not set up using Outlook or any email client. The user only uses the Gmail web mail.
So how is the SMTP setup causing the issue?

>>When the browser gets compromised, there go your contacts...

But Gmail should end the session itself after a certain period, so how did they get access?
Is it the webmail Firefox plugin I use that is causing it? I checked the sent items in Gmail, and it looks like it was sent from Gmail, not spoofed! Should I change the password ASAP?
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 38807081
I cannot tell you all the ways spammers compromise smtp servers (there are so many ways), but the likely way is a dodgy email (looks good, but with a virused attachment). It could be doing this through the user's Outlook if contacts are the same in both. Also, even though they are using web mail, they are using it through their browser.

>> is it the webmail firefox plugin I .... should I change password asap?

I would and use a fairly difficult password to be sure.

Also make sure the users are using a good, corporate level, paid antivirus tool. If they are using Windows 7, make sure UAC is turned on. People love to click dodgy links like "Let me speed up your computer". This will concentrate on stopping the problem rather than trying to determine how it occurred.

.... Thinkpads_User
0
 
LVL 12

Expert Comment

by:Gary Coltharp
ID: 38807195
All they need to do is compromise the browser to get the contacts. Once that is done, they can send the email spoofed as anyone. I could send you an email right now with an email of mickeymouse@disneyland.com and your mail client would not know the difference.
0
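Added example, not part of the original thread: a receiving-side check of what the headers of a delivered message record about its sender, using the SPF/DKIM/DMARC verdicts a gateway stamps into the Authentication-Results header. The message is constructed for this example, and the gateway name mx.abc.com and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims disneyland.com, but the receiving gateway
# (hypothetical authserv-id mx.abc.com) recorded failed SPF and DMARC checks.
RAW = (
    "Return-Path: <bounce@mailer.example>\n"
    "Authentication-Results: mx.abc.com; spf=fail smtp.mailfrom=mailer.example;\n"
    " dkim=none; dmarc=fail header.from=disneyland.com\n"
    "From: Mickey Mouse <mickeymouse@disneyland.com>\n"
    "To: luc@abc.com\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)


def _domain(value):
    """Domain part of the address in a header value, lower-cased."""
    return parseaddr(value)[1].rpartition("@")[2].lower()


def spoof_indicators(raw, trusted_authserv):
    """List reasons to distrust the From header of one received message."""
    msg = message_from_string(raw)
    from_dom = _domain(msg.get("From", ""))
    findings = []
    rp_dom = _domain(msg.get("Return-Path", ""))
    # Differs for legitimate bulk senders too, so this is a hint, not proof.
    if rp_dom and rp_dom != from_dom:
        findings.append("return-path domain %s != from domain %s" % (rp_dom, from_dom))
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(hdr).partition(";")
        # Only trust results stamped by our own gateway; a sender can forge others.
        if authserv.strip().lower() != trusted_authserv.lower():
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            verdicts.setdefault(method, result.lower())
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            findings.append("%s=%s" % (method, verdicts.get(method, "missing")))
    return findings
```

An empty list means the gateway's own checks all passed and the envelope and From domains agree. Any entry is a reason to look at the message before trusting the displayed sender.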
 
LVL 96

Expert Comment

by:Experienced Member
ID: 38815562
@okamon - Thank you and I was pleased to help you with this.
.... Thinkpads_User
0
