• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 124
  • Last Modified:

Spoofed Email

One of our users on Exchange Server has been receiving messages from our system with the subject "Undeliverable..." from "Mail System Delivery".  We've determined that the one user's email address has been spoofed from a server in Mexico.  In the past 2 hours, she has received maybe 10 of these messages.  Is there a way to "unspoof" the user's email address?
0
rsaba
Asked:
rsaba
2 Solutions
 
Scott CSenior Systems EnginerCommented:
No, spoofing is done on the outside and there is little if anything that can be done to stop it.

About all you can do is change you user's email address and block the old one using a transport rule.
1
 
JohnBusiness Consultant (Owner)Commented:
Or (as I have used successfully) change the user's password. The spoofing will die down and they cannot get back in. Changing email address is certainly good but people do not like doing that. Changing passwords is second best and takes time.
0
 
Dave BaldwinFixer of ProblemsCommented:
Scott is correct.  This is a common way for spammers to get past the spam filters because nobody blocks email sent to themselves.
0
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

 
El FierroNetwork EngineerCommented:
i had that recently happen, i ended up resetting the users account password. after i did that the spoofed undeliverable emails stopped. i also rans some antivirus/malware scans on his machine. he was the only one with that problem. it stopped but its on my to do list to further investigate.
0
 
rindiCommented:
I can't imagine how changing a password would stop email spoofing. You don't need the user's password to spoof him. You'd only need it if you used his actual mail server and account to send email. But that isn't spoofing.
0
 
JohnBusiness Consultant (Owner)Commented:
If the account requires authentication, the spoofer will be trying (may be trying) to send from a changed account.
0
 
rindiCommented:
He doesn't need the account at all. For spoofing emails he uses another mail server (probably with open relay), and he can spoof your real mail account so it looks the same. If the message he sends doesn't reach the recipient (because he doesn't exist, spammers try every possible email combination, and a large number of them won't exist), it bounces back to your account (and not the spoofing account). with the message that it failed. For that he doesn't need any knowledge of your actual account, he may just have guessed a name@domain.x combination and happened to find one that actually exists.
0
 
Todd NelsonSystems EngineerCommented:
Do you have a SPF (TXT) record configured in your public DNS for your email domain?

It will help a bit provided the recipient domains are checking for valid sender origins--which a spoofer generally does not send from within your environment.

An example of an SPF record would look similar to this...

v=spf1 mx a ip4:ENTER_YOUR_OUTBOUND_IP_ADDRESS_HERE -all

Open in new window


References...
0
 
JohnBusiness Consultant (Owner)Commented:
I know there are several ways to spoof email and yes some of them do not use an account.
0
 
jhyieslaCommented:
It's a long term solution, but yo could invest in an anti-spam service that includes an anti-spoofing feature. We use MimeCast and it works really well.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now