Timo V
asked on
User receives NDR report of email that he hasn't sent or not found in sent items. Exchange tracking and Mail GW show trace that user sent the mail.
I believe one of our users Email address has been spoofed because he is receiving non-deliverable messages of mails he hasn't sent or doesn't exist in his mailboxes "sent items". Although annoying I think that's pretty harmless.
However what feels alarming to me is that our messaging gateway shows the attempt to send such messages and I can even find them using Exchange 2010 Server tool Message Tracking.
What's common to these mails is that at the start of the subject line it says "Unread:" (or not read, I don't know the term in english because we have different locale) before the actual heading.
Should I be alarmed about this or is this expected behavior when someone receives NDR reports of emails that they have not sent.
However what feels alarming to me is that our messaging gateway shows the attempt to send such messages and I can even find them using Exchange 2010 Server tool Message Tracking.
What's common to these mails is that at the start of the subject line it says "Unread:" (or not read, I don't know the term in english because we have different locale) before the actual heading.
Should I be alarmed about this or is this expected behavior when someone receives NDR reports of emails that they have not sent.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
one can save a reply to the folder that had the original message. does the source IP point to the users computer?
ASKER
I think this article describes what has happened.
https://www.simmonsconsulting.com/2008/10/26/my-outlook-is-sending-spam-but-not-really/
But still it feels weird that I can't find any trace of these emails being received by our mail gateway or Exchange server.
Symantec full scan didn't find anything and yes, the IP points to the users computer.
https://www.simmonsconsulting.com/2008/10/26/my-outlook-is-sending-spam-but-not-really/
But still it feels weird that I can't find any trace of these emails being received by our mail gateway or Exchange server.
Symantec full scan didn't find anything and yes, the IP points to the users computer.
Checking for viruses/malware and verifying the source IP are the two best places to start with this problem.