?
Solved

Spoofed Email

Posted on 2016-09-21
10
Medium Priority
?
90 Views
Last Modified: 2016-09-22
One of our users on Exchange Server has been receiving messages from our system with the subject "Undeliverable..." from "Mail System Delivery".  We've determined that the one user's email address has been spoofed from a server in Mexico.  In the past 2 hours, she has received maybe 10 of these messages.  Is there a way to "unspoof" the user's email address?
0
Comment
Question by:rsaba
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 31

Accepted Solution

by:
Scott C earned 1000 total points
ID: 41809647
No, spoofing is done on the outside and there is little if anything that can be done to stop it.

About all you can do is change you user's email address and block the old one using a transport rule.
1
 
LVL 97

Assisted Solution

by:Experienced Member
Experienced Member earned 1000 total points
ID: 41809653
Or (as I have used successfully) change the user's password. The spoofing will die down and they cannot get back in. Changing email address is certainly good but people do not like doing that. Changing passwords is second best and takes time.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41809654
Scott is correct.  This is a common way for spammers to get past the spam filters because nobody blocks email sent to themselves.
0
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

 
LVL 4

Expert Comment

by:El Fierro
ID: 41809659
i had that recently happen, i ended up resetting the users account password. after i did that the spoofed undeliverable emails stopped. i also rans some antivirus/malware scans on his machine. he was the only one with that problem. it stopped but its on my to do list to further investigate.
0
 
LVL 88

Expert Comment

by:rindi
ID: 41809714
I can't imagine how changing a password would stop email spoofing. You don't need the user's password to spoof him. You'd only need it if you used his actual mail server and account to send email. But that isn't spoofing.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 41809716
If the account requires authentication, the spoofer will be trying (may be trying) to send from a changed account.
0
 
LVL 88

Expert Comment

by:rindi
ID: 41809736
He doesn't need the account at all. For spoofing emails he uses another mail server (probably with open relay), and he can spoof your real mail account so it looks the same. If the message he sends doesn't reach the recipient (because he doesn't exist, spammers try every possible email combination, and a large number of them won't exist), it bounces back to your account (and not the spoofing account). with the message that it failed. For that he doesn't need any knowledge of your actual account, he may just have guessed a name@domain.x combination and happened to find one that actually exists.
0
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41809740
Do you have a SPF (TXT) record configured in your public DNS for your email domain?

It will help a bit provided the recipient domains are checking for valid sender origins--which a spoofer generally does not send from within your environment.

An example of an SPF record would look similar to this...

v=spf1 mx a ip4:ENTER_YOUR_OUTBOUND_IP_ADDRESS_HERE -all

Open in new window


References...
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 41809744
I know there are several ways to spoof email and yes some of them do not use an account.
0
 
LVL 28

Expert Comment

by:jhyiesla
ID: 41810739
It's a long term solution, but yo could invest in an anti-spam service that includes an anti-spoofing feature. We use MimeCast and it works really well.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question