Email Spoof

We had a user leave the company and use his company email address after he left to send an email to another employee within the company. Other than the user's email account not being disabled on time, is there another way that the user can spoof with their previous company email address even after their access has been revoked?

Miguel Angel Perez Muñoz Commented:
If the user was disabled in AD, it is not possible to access his/her account using the user account. The only way would be if the user delegated his mailbox to another user before leaving the company. This gives the delegated user rights to this mailbox. The safest way to avoid this is to check permissions on Exchange items.

There is another possibility: he can try mail spoofing if your mail server has not implemented spoof protection like SPF records.

Will Szymkowski, Senior Solution Architect, Commented:
So when it comes to disabling an AD account, the mailbox is still 100% active. It can receive mail, and people who have "Send As" permissions on this account can also Send As this user.

However, in this case what happens is that when you disable the AD account, for any ACTIVE sessions that are open, i.e. OWA or Outlook Anywhere (at home), as long as the session is open that user will be able to send email normally without any issues.

This is because the client has already authenticated before the account was disabled, so the session remains open. The only way to force these sessions to close is to disable the mailbox and re-enable it.

That forces the mailbox to disconnect from any sessions, and then when the mailbox is re-enabled, if the user tries to access the mailbox again they will be forced to re-authenticate. At that point they will not be able to, because the account is disabled.

The other thing is that if the mailbox has any forwarding rules, or if there are transport rules that forward email, this could also be a possibility for sending mail.
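
A read-only check for the conditions raised in the answers above (mailbox delegation, Send As rights, forwarding and transport rules), added here as an example and not part of the original thread. It assumes an on-premises Exchange Management Shell session; the alias `jdoe` is a placeholder for the departed user's mailbox.

```powershell
# Added example: read-only audit of a departed user's mailbox (changes nothing).
# Assumption: run in the on-premises Exchange Management Shell.
# 'jdoe' is a placeholder alias, not a value from the thread.
param([string]$Identity = 'jdoe')

$mbx = Get-Mailbox -Identity $Identity -ErrorAction Stop
$dn  = $mbx.DistinguishedName

# 1. Delegates with explicit (non-inherited) mailbox rights such as FullAccess.
$delegates = Get-MailboxPermission -Identity $dn |
    Where-Object { -not $_.IsInherited -and $_.User -notlike 'NT AUTHORITY\SELF' } |
    Select-Object User, AccessRights

# 2. Accounts holding the Send-As extended right on the mailbox's AD object.
$sendAs = Get-ADPermission -Identity $dn |
    Where-Object { ($_.ExtendedRights -like '*Send-As*') -and
                   -not $_.IsInherited -and
                   $_.User -notlike 'NT AUTHORITY\SELF' } |
    Select-Object User, ExtendedRights

# 3. Send-on-behalf delegates and mailbox-level forwarding settings.
$settings = $mbx | Select-Object GrantSendOnBehalfTo, ForwardingAddress,
    ForwardingSmtpAddress, DeliverToMailboxAndForward

# 4. Inbox rules in this mailbox that forward or redirect mail.
$inboxRules = Get-InboxRule -Mailbox $dn |
    Where-Object { $_.ForwardTo -or $_.RedirectTo -or $_.ForwardAsAttachmentTo } |
    Select-Object Name, Enabled, ForwardTo, RedirectTo, ForwardAsAttachmentTo

# 5. Organization-wide transport rules that redirect or copy mail.
#    These are not filtered per user; review each one by hand.
$transportRules = Get-TransportRule |
    Where-Object { $_.RedirectMessageTo -or $_.BlindCopyTo -or $_.CopyTo } |
    Select-Object Name, State, RedirectMessageTo, BlindCopyTo, CopyTo

# Print one section per finding type so empty results are visible too.
$report = [ordered]@{
    'Mailbox delegates'          = $delegates
    'Send As rights'             = $sendAs
    'On-behalf and forwarding'   = $settings
    'Forwarding inbox rules'     = $inboxRules
    'Redirecting transport rules' = $transportRules
}
foreach ($section in $report.GetEnumerator()) {
    "== $($section.Key) =="
    if ($section.Value) { $section.Value | Format-List | Out-String }
    else { '  (none found)' }
}
```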
