Link to home
Start Free TrialLog in
Avatar of Timo V
Timo V

asked on

User receives NDR report of email that he hasn't sent or not found in sent items. Exchange tracking and Mail GW show trace that user sent the mail.

I believe one of our users Email address has been spoofed because he is receiving non-deliverable messages of mails he hasn't sent or doesn't exist in his mailboxes "sent items". Although annoying I think that's pretty harmless.

However what feels alarming to me is that our messaging gateway shows the attempt to send such messages and I can even find them using Exchange 2010 Server tool Message Tracking.
What's common to these mails is that at the start of the subject line it says "Unread:" (or not read, I don't know the term in english because we have different locale) before the actual heading.
Should I be alarmed about this or is this expected behavior when someone receives NDR reports of emails that they have not sent.
ASKER CERTIFIED SOLUTION
Avatar of Pete Long
Pete Long
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
one can save a reply to the folder that had the original message.  does the source IP point to the users computer?
Avatar of Timo V
Timo V

ASKER

I think this article describes what has happened.
https://www.simmonsconsulting.com/2008/10/26/my-outlook-is-sending-spam-but-not-really/

But still it feels weird that I can't find any trace of these emails being received by our mail gateway or Exchange server.

Symantec full scan didn't find anything and yes, the IP points to the users computer.
Checking for viruses/malware and verifying the source IP are the two best places to start with this problem.