Exchange Server 2010 with Mail Gateway vs Spam

Our domain is abc.com and our COO's email address is john@abc.com (his full name is John Smith). Our internal users are getting a lot of fake emails from john@nnn.com and john@xxx.com. We understand that that type of mail can reach our internal mail users.
But yesterday we got a mail from johns@abc.com with the display name set as COO. So can anyone send email using our email domain name?
One of my friends told me that some internet sites facilitate that type of email address. My question is: without any user name in our AD/Exchange, is it possible to send emails using our domain name abc.com?
If yes, how do we know the genuine email address?
Jason Crawford (Transport Ninja) commented:
The value shown in the 'From:' field can be spoofed.  Open up the email from the COO's mailbox (not a forwarded copy) and pull the headers.  Look for the Return-Path value and the domain used in the Message ID.  Those are both the true source value.
0
Jason Crawford (Transport Ninja) commented:
My company is seeing a rash of the same kind of email.  Random senders signing their name as a legit employee.
0
Alan (Consultant) commented:
Hi,

I would implement a Transport Rule that blocks any incoming emails from outside that purport to be from your own domain.

You may need to create a few exceptions (newsletters or similar that come to your users from your company but are generated outside for example).

Something like this:

New Transport Rule
Name = {Whatever you like}
Comment = {Whatever you like - perhaps a link to this discussion? - I always give the future me plenty of help to work out what I did!}

Next

Conditions
    From users that are inside or outside the organisation = Outside Only
    AND
    Where the from address matches = abc.com (Replace with your domain name here)

Next

Actions
    Redirect the message to = yourspammailbox@abc.com (I have a mailbox setup to store these so that I can retrieve if I need to)

Next

Exceptions
    Except when the subject field contains = "ExampleCo Newsletter"

{Click through to the finish}

You will have to work out the exception(s) based on what emails come in from outside that 'pretend' to be from your domain.  Examples might be newsletters, web form emails etc.

I always have spam routed to a separate mailbox and kept for a period so that it can be retrieved if required.

Alan.
0

Alan (Consultant) commented:
Solution provided.
0
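Added example, not part of any post in this thread: a Python check that applies the header comparison Jason describes (Return-Path and Message-ID domain against the From domain) and the condition behind Alan's rule (outside mail claiming abc.com), plus the display-name case from the question. The sample messages, the example.net sender, the `PROTECTED_NAMES` list and all function names are constructed for illustration; subdomains of abc.com are assumed to be internal.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL = "abc.com"               # domain from the question
PROTECTED_NAMES = {"john smith"}   # assumption: display names worth watching

# Constructed sample messages (only the headers matter here).
SPOOFED = ("Return-Path: <bounce@mailer.example.net>\n"
           'From: "COO" <johns@abc.com>\n'
           "Message-ID: <1234@mailer.example.net>\n\nPlease reply.\n")
LOOKALIKE = ("Return-Path: <john@nnn.com>\n"
             'From: "John Smith" <john@nnn.com>\n'
             "Message-ID: <5678@nnn.com>\n\nHello.\n")
GENUINE = ("Return-Path: <john@abc.com>\n"
           'From: "John Smith" <john@abc.com>\n'
           "Message-ID: <9abc@mail.abc.com>\n\nHello.\n")

def domain_of(value):
    """Lower-cased domain of an address-like header value, or ''."""
    _, at, dom = parseaddr(value or "")[1].rpartition("@")
    return dom.lower() if at else ""

def is_internal(dom, internal=INTERNAL):
    """True for the internal domain or any of its subdomains."""
    return dom == internal or dom.endswith("." + internal)

def assess(raw, internal=INTERNAL, names=PROTECTED_NAMES):
    """Return a sorted list of findings for one received message."""
    msg = message_from_string(raw)
    display = parseaddr(msg.get("From", ""))[0].strip().lower()
    findings = set()
    if is_internal(domain_of(msg.get("From")), internal):
        # Both headers are set by the sending side, so a match proves nothing;
        # a mismatch on mail claiming our domain is the useful signal.
        for header, tag in (("Return-Path", "return-path-mismatch"),
                            ("Message-ID", "message-id-mismatch")):
            dom = domain_of(msg.get(header))
            if dom and not is_internal(dom, internal):
                findings.add(tag)
    elif display in names:
        findings.add("display-name-impersonation")
    return sorted(findings)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE),
                       ("genuine", GENUINE)):
        print(label, assess(raw))
```

Run it against the raw message saved from the recipient's mailbox, not a forwarded copy, since forwarding rewrites these headers.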