spam emails from domain

Emails from to our company is blocked .we have contacted the company, and they have assured me that the rogue email has spoofed their email domain as the email did not originate in their systems.

how can we trace the source domain as I think this needs to be blocked, rather than the domain which I think should be a trusted source.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
All you need to do is check the email headers on the email from this domain. It should give you the originating IP address. From there you can perform a Reverse lookup to see if the IP address matches the MX record DNS name. You can also do a Geolocation lookup on the IP address as well to see the origin or the IP.

At that point you can block this IP address on your firewall rather then the domain name.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pramod1Author Commented:
I got this header info , how to do reverse look up ?

in mxtool box
pramod1Author Commented:
is it
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

pramod1Author Commented:
I just checked  with header there are lot of emails from above domain with different ips' in every mail

what should I do
Mohammed HamadaSenior IT ConsultantCommented:
Checking's MX it seems they are using Google (Apps) for mailing system. however their SPF looks totally messed up and including multiple domains.

They need to properly configure their SPF with the domains that they will use to send emails from. in teh snapshot you can see there are multiple domains.

pramod1Author Commented:
where do you see multiple domains,  how single domain will correct this issue
Mohammed HamadaSenior IT ConsultantCommented:
The SPF has multiple domains as you can see it has google, salesforce,, and are all accepted domains in's SPF record.

You can check this your self on the spf is an open standard specifying a technical method to prevent sender address forgery.

The need to fix their SPF in order for their domain not be spoofed and send out spam mail to other mail servers like in your case.

I guess the mails are coming from this domain as you can see the message ID here

Message-ID: <>
pramod1Author Commented:
sorry I have to mohammed half points I missed him
pramod1Author Commented:
how can I give him 250 points
Mohammed HamadaSenior IT ConsultantCommented:
You have to ask the admins's attention to split the points or un assign the answer and then split it
pramod1Author Commented:
I will do , request to kindly check the other ticket
pramod1Author Commented:
to moderator

kindly split the points between will and mohammed
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.