there was complain from a user inside my organization that he received email from,

and wants to trace whether the name mentioned in that email sent it or somebody on  behalf of this email address

Users seeks for further information which we cannot provide at this point because mailbox audit log is not enabled for the mailbox, also no other user have full access or send as permission on the mailbox (sender)
however we found that it was originated from the IP address, but we couldn’t trace this IP back.
is therea  any way we can trace this ip back to host
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mark GalvinManaging Director / Principal ConsultantCommented:

The email address - is this internal or external to your system?

The same for the IP - is this a server you manage or external?

pramod1Author Commented:
this is internal to my organization and we manage
Will SzymkowskiSenior Solution ArchitectCommented:
If you do not have Auditing Enabled then you will not be able to find out the person sending the email. If no users have Send On Behalf or Send As Permissions check to see if you have any applicaitons that are allowed to send Anonymous through one of your receive connectors.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

pramod1Author Commented:
sorry This is not internal domain, MX are pointing, this email address is added as primary smtp to user’s mailbox “Alfaro, Fernando”

Regarding IP I am not sure, we are able to ping this one, but no further information was found on the same
Mark GalvinManaging Director / Principal ConsultantCommented:
If its an external system then there is no way your are going to be able to ascertain if the user sent the email as themselves or on behalf of someone else.

The IP youre getting is likely to be the email server or an external IP with the server being NAtted behind it. That wont give you which user sent the email.

pramod1Author Commented:
from the headers it seems that the email was a MAPI delivery generated from Store on our mailbox server on which the user’s mailbox is hosted, this seems to a MAPI mail and not generated from any application. Most probably user himself send that email or it can be a case of password sharing, for now we cannot determine that.
pramod1Author Commented:
an external user has complained to find out who sent the email.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.