My co-worker is receiving several Undeliverable emails, when she did not send any email to the recipients. How can that be?

Over the last few hours, a co-worker has received 5 emails, from different IP addresses, with the subject line:  "Undeliverable: any text here".

Related IP: 104.47.2.210
Related IP: 104.47.2.215
Related IP: 204.154.183.70
Related IP: 88.87.45.45
Related IP: 88.87.45.47

When I review the Exchange Server logs, there are no entries of her sending any email to the recipients.  

When I look at the complete Header of the emails, I see they originated in a country other than the US, then are routed through mail Servers in the US, then to her Inbox.

Her email address is the "Reply To" address.

How can I identify the problem here?
eemmpphAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
Check to see if the person’s email address has been spoofed. This is very common and is normally caught by a good spam filter. Make sure the the user ‘ s machine has not been compromised and is sending out spam
1
eemmpphAuthor Commented:
how do i check to see if her email address as been spoofed?
0
eemmpphAuthor Commented:
What do I check for, to see if her compuer has been compromised?  What are the "signs" of a compromise?
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

JohnBusiness Consultant (Owner)Commented:
You cannot check for spoofing but you can check thoroughly for viruses
0
eemmpphAuthor Commented:
I do have Symantec Enterprise Protection running on her computer, which does a full system scan every night.
0
JohnBusiness Consultant (Owner)Commented:
Thanks. It is likely spoofed email. I depend upon my spam filter to stop this. If the spam filter does not stop this, then just delete the return emails
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jason CrawfordTransport NinjaCommented:
What you're describing sounds like backscatter.  Your best bet will be to configure SPF, DKIM, and/or DMARC rDNS records and, if the NDRs are causing an issue for the recipient, possibly a transport rule to block NDRs containing the user in the Reply-To address.
1
eemmpphAuthor Commented:
Thank you John, I appreciate it.
0
JohnBusiness Consultant (Owner)Commented:
You are very welcome and I was happy to help you.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.