Exchange Server 2010 with Mail Gateway vs Spam

our  domain Is abc.com and our COO's email address is john@abc.com  ( his full name is john smith  ) . our internal users are getting lot of mails john@nnn.com , john@xxx.com  as fake emails . we undershoot that type of can reach our internal mail users .
but yesterday we got a mail johns@abc.com and display name as COO . so any one can send email using our email domain name  ?
one of my friend told me that some internet sites facilities that type of email address . My question is without any user name in our AD/exchange possible to send the emails using our domain name abc.com ?
if yes how we know the genuine email address .
curAsked:
Who is Participating?
 
AlanConsultantCommented:
Hi,

I would implement a Transport Rule that blocks any incoming emails from outside that purport to be from your own domain.

You may need to create a few exceptions (newsletters or similar that come to your users from your company but are generated outside for example).

Something like this:

New Transport Rule
Name = {Whatever you like}
Comment = {Whatever you like - perhaps a link to this discussion? - I always give the future me plenty of help to work out what I did!}

Next

Conditions
    From users that are inside or outside the organisation = Outside Only
    AND
    Where the from address matches = abc.com (Replace with your domain name here)

Next

Actions
    Redirect the message to = yourspammailbox@abc.com (I have a mailbox setup to store these so that I can retrieve if I need to)

Next

Exceptions
    Except when the subject field contains = "ExampleCo Newsletter"

{Click through to the finish}

You will have to work out the exception(s) based on what emails come in from outside that 'pretend' to be from your domain.  Examples might be newsletters, web form emails etc.

I always have spam routed to a separate mailbox and kept for a period so that it can be retrieved if required.

Alan.
0
 
Jason CrawfordTransport NinjaCommented:
The value shown in the 'From:' field can be spoofed.  Open up the email from the COO's mailbox (not a forwarded copy) and pull the headers.  Look for the Return-Path value and the domain used in the Message ID.  Those are both the true source value.
0
 
Jason CrawfordTransport NinjaCommented:
My company is seeing a rash of the same kind of email.  Random senders signing their name as a legit employee.
0
 
AlanConsultantCommented:
Solution provided.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.