Spam sent to new email address within an hour of setting it up

Hi all,

I have two email domains set up on my Exchange 2010 infrastructure... and is being used at the moment. will be migrated to in time.

This morning I set up a new mailbox.

The email address has not been given out and is not currently being used.

Within one hour, my anti virus solution was informing me that it was blocking spam emails sent to this new email address.

My question is how the spammers have found the existence of this new mailbox so quickly, given that it is not being used and its details haven't been given out to anyone.

Am I compromised in some way?

The GAL for Outlook regenerates at 4am, so no one will have this mailbox in their OAB yet (although Terminal Server users hit the GAL directly and don't use the OAB - but I am sure that that is secure).

Any recommendations as to things I can investigate to try and figure this one out?

Thanks for reading.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

R--RCommented: has a mx record right? The Mx is created on public DNS and thats the reason t is possible to know.
StengleAuthor Commented:
Yes, the has an MX record, but how do the spammers know that this new mailbox is valid as it was only created an hour ago!

I'm wondering if my Edge Transport Server is infected or something..
Apart from the what has been mentioned above, the actual address (the part before the @) doesn't need to be known. The spammers just send out mails to as many possible random names. Some of those will probably fit n actual address. Also, they probably don't even check whether there is an MX record for a domain. As most registered domains also have their emails addresses matched to their domain names, they will just try them.
Sudeep SharmaTechnical DesignerCommented:
Are all the other systems infection free? Virus generally scan the user address book and if they have User's credentials they scan the Global Address Book to get the email addresses.

Further now-a-days one also need to make sure the Smart Phones are also infection/virus free since people sync the address book, contact apart from the emails also.

For testing you could create a User and mailbox, but hide it from Address Book and notice if you would receive any spam email for that Mailbox. But if you unhide it, you would.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
StengleAuthor Commented:
The mailbox that was being spammed an hour after being created was for an Indonesian guy which was pretty unguessable for spammers. Anyway, think we found a virus on a machine and things seemed to have calmed down a little. Thanks for all the replies.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.