
Phishing Email

Mac80 asked
Last Modified: 2015-07-30

We need to block such emails from reaching end users. Our Anti Spam software (Cloud based) cannot stop it.

See below. The spammer somehow managed to change the reply address in the header, so when the user reads the email and presses reply, it goes to a different recipient.

They also change @Company.com to @CompanyX.com so that end users do not notice much.
Also, the From email and the actual sender email are different and hidden under an envelope.

How can we fix this issue?
Is there a way we can set up something in Exchange to only allow emails with the same FROM and Reply-To address?

Received: from MAIL2.ad.int ( by MAIL1.ad.int with Microsoft SMTP Server (TLS) id 15.0.1044.25 via Mailbox
Transport; Thu, 11 Jun 2015 10:52:37 -0400
Received: from CAS1.ad.int ( by MAIL2.ad.int  with Microsoft SMTP Server (TLS) id 15.0.1044.25; Thu, 11 Jun
2015 10:52:36 -0400
Received: from mail2.Company.com ( by CAS1.ad.int with Microsoft SMTP Server id 15.0.1044.25 via Frontend
Transport; Thu, 11 Jun 2015 10:52:37 -0400
X-AuditID: c0a8008f-f79096d000001fd7-74-5579a0b4fbbd
Received: from mx.expurgate.net (mx.expurgate.net [])
               by mail2.Company.com (Symantec Mail Security) with SMTP id 94.97.08151.4B0A9755; Thu, 11 Jun 2015 10:52:37 -0400 (EDT)
Received: from mx.expurgate.net (helo=localhost)
               by mx.expurgate.net with esmtp
               id 1Z33qO-0003A8-CU
               for Simon@Company.com; Thu, 11 Jun 2015 16:52:36 +0200
Received: from [] (helo=p3plwbeout14-01.prod.phx3.secureserver.net)
               by mx.expurgate.net with ESMTP (eXpurgate 4.0.3)
               (envelope-from <athreadgill@prizm-medical.com>)
               id 5579a0b3-2426-adc9c0b6a5fb-1
               for <Simon@Company.com>; Thu, 11 Jun 2015 16:52:36 +0200
Received: from localhost ([])
               by p3plwbeout14-01.prod.phx3.secureserver.net with bizsmtp
               id f2sa1q0025GqY0l012sawu; Thu, 11 Jun 2015 07:52:34 -0700
X-SID: f2sa1q0025GqY0l01
Received: (qmail 9847 invoked by uid 99); 11 Jun 2015 14:52:34 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
User-Agent: Workspace Webmail 5.14.0
Message-ID: <20150611075232.72ca5e260030d244444a6e3ebce15650.6d0305651a.wbe@email14.secureserver.net>
From: Steve <steve@Company.com>
X-Sender: athreadgill@prizm-medical.com
Reply-To: Steve  <Steve@CompanyX.com>
To: <Simon@Company.com>
Subject: Payment
Date: Thu, 11 Jun 2015 07:52:32 -0700
MIME-Version: 1.0
X-purgate-ID: expurgator-d26b21/1434034356-00002426-7129BB3B/0/0
X-purgate-type: clean
X-purgate-size: 787
X-purgate: clean
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrFIsWRWlGSWpSXmKPExsVyaOKDPN2tCypDDQ594bQ4dXAymwOjx7VJ
Return-Path: athreadgill@prizm-medical.com
X-MS-Exchange-Organization-Network-Message-Id: 8c302a5e-8680-440d-bd70-08d2726d6413
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXutTf;1172500;0;This mail has
been scanned by Trend Micro ScanMail for Microsoft Exchange;
X-MS-Exchange-Organization-SCL: 0
X-MS-Exchange-Organization-AuthSource: CAS1.ad.int
X-MS-Exchange-Organization-AuthAs: Anonymous
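
The three signals described in the question (Reply-To differing from From, a Reply-To domain that is a near-miss of the company domain, and an internal From with an external envelope sender) can be checked directly against the headers quoted above. This is an added example, not part of the original post; `INTERNAL_DOMAINS`, the function names, the finding labels and the edit-distance threshold are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Address headers copied from the message quoted above.
SAMPLE = """\
From: Steve <steve@Company.com>
X-Sender: athreadgill@prizm-medical.com
Reply-To: Steve  <Steve@CompanyX.com>
Return-Path: athreadgill@prizm-medical.com

"""

INTERNAL_DOMAINS = {"company.com"}  # assumption: the organisation's own domain(s)


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def spoof_findings(raw, internal=INTERNAL_DOMAINS, max_distance=2):
    """List the spoofing signals present in a raw header block."""
    msg = message_from_string(raw)
    from_d = domain_of(msg["From"])
    reply_d = domain_of(msg["Reply-To"])
    env_d = domain_of(msg["Return-Path"])  # envelope sender as recorded on delivery
    findings = []
    if reply_d and reply_d != from_d:
        findings.append("reply-to-differs-from-from")
    if reply_d and reply_d not in internal and any(
            edit_distance(reply_d, d) <= max_distance for d in internal):
        findings.append("reply-to-lookalike-of-internal-domain")
    if from_d in internal and env_d and env_d not in internal:
        findings.append("internal-from-with-external-envelope-sender")
    return findings
```

For the quoted message all three findings are returned; a message whose From, Reply-To and Return-Path all sit in the internal domain returns an empty list.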