Unknown Email


A client of mine is receiving a lot of emails from unknown@domain.local to their Exchange mailboxes.

I have checked the Exchange/SMTP server and it's not set to logging, as per some of the forums I've seen.

Any other ideas?

Simon Butler (Sembee), Consultant, commented:
Something internal is doing it. I cannot really help you much more than that.
Could be a printer, scanner, script, something like that.
There isn't enough in the header to diagnose the source.

Simon Butler (Sembee), Consultant, commented:
What do the messages actually say? It could simply be a spamming run, or an application that is sending out lots of messages. Not really enough to go on.

If you look at the headers, does that show the source as being external?

ryank85, Author, commented:
Hi Simon

The emails are blank; we can only see where the email has come from:

These are the message headers.

Received: from domain.local ( by SERVER.domain.local
 ( with Microsoft SMTP Server id; Fri, 29 Nov 2013
 02:23:35 +0000
From: "Unknown@domain.local" <Unknown@domain.local>
Date: Fri, 29 Nov 2013 02:23:35 +0000
Thread-Index: Ac7sqgG5VWOy/XkhRPenYqPNlMkRjQ==
Message-ID: <9b85a112-a7cf-415f-afe9-0ff6238f5fd6@Server.domain.local>
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 0a
X-MS-Exchange-Organization-AuthSource: Server.domain.local
X-Auto-Response-Suppress: DR, OOF, AutoReply
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Simon Butler (Sembee), Consultant, commented:
That is coming off something internal.
How much of that header have you changed? Does it really say unknown? Does the second part match your internal domain, or is it really domain.local?

While I appreciate that you want to hide information, in this case it is actually making it hard to diagnose without knowing what is genuine and what has been changed.

For example, some APC software has @domain.local in there as default.
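
The header check discussed in the comments above, as an added example that is not part of the original thread. It reads the Received hops and the X-MS-Exchange-Organization-Auth* fields from the posted headers; `triage`, `is_internal` and the internal-suffix parameter are hypothetical names chosen for this sketch.

```python
import re
from email.parser import HeaderParser

# Headers from the post above, trimmed to the fields this check reads.
# The redacted Received line is kept exactly as posted.
POSTED = """\
Received: from domain.local ( by SERVER.domain.local
 ( with Microsoft SMTP Server id; Fri, 29 Nov 2013
 02:23:35 +0000
From: "Unknown@domain.local" <Unknown@domain.local>
Message-ID: <9b85a112-a7cf-415f-afe9-0ff6238f5fd6@Server.domain.local>
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthSource: Server.domain.local
"""

# First "from <host>" and the following "by <host>" in one Received value.
HOP_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.I | re.S)


def is_internal(host, suffix):
    """True when host is the internal domain or a name beneath it."""
    host, suffix = host.lower().rstrip("."), suffix.lower()
    return host == suffix or host.endswith("." + suffix)


def triage(raw_headers, internal_suffix):
    """Summarise where a message entered the mail system (hypothetical helper)."""
    msg = HeaderParser().parsestr(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):  # folded lines stay in one value
        m = HOP_RE.search(value)
        if m:
            hops.append((m.group(1), m.group(2)))
    # A hop counts as outside if either end is not under the internal suffix.
    outside = [h for h in hops
               if not all(is_internal(x, internal_suffix) for x in h)]
    auth_as = (msg.get("X-MS-Exchange-Organization-AuthAs") or "").strip().lower()
    auth_src = (msg.get("X-MS-Exchange-Organization-AuthSource") or "").strip().lower()
    msgid_host = (msg.get("Message-ID") or "").strip().strip("<>").rpartition("@")[2].lower()
    if outside:
        verdict = "external hop present"
    elif hops and auth_as == "internal":
        verdict = "submitted internally"
    else:
        verdict = "inconclusive"
    return {"hops": hops, "outside_hops": outside, "auth_as": auth_as,
            "msgid_from_auth_source": bool(msgid_host) and msgid_host == auth_src,
            "verdict": verdict}


if __name__ == "__main__":
    for key, value in triage(POSTED, "domain.local").items():
        print(f"{key}: {value}")
```

The `from` name in a Received line is whatever the sending client announced, so a "submitted internally" result narrows the search to the local network but does not identify the device that sent the message.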

ryank85, Author, commented:
Hi Simon

The only thing that has been changed in the header is the 'domain'; the actual name of the domain is the client's name, e.g. clientname.local

ryank85, Author, commented:
OK, thanks for your help.

ryank85, Author, commented:
No more emails received on this matter.
Question has a verified solution.