Email scam problem

Some clients are receiving scam emails asking them to pay invoices from one account on our Exchange. The account is not in use; nobody has the password to that account, just me. How is it possible that the clients are receiving email if the spam filter does not show any emails sent to that client?
PLCITS asked:

Dr. Klahn, Principal Software Engineer, commented:
It is quite simple to spoof any email address desired.  All that's needed is access to an open relay.  The sender can specify any sender email desired, and drop in so many fake headers that (without expert human analysis) it looks like the email came from your MTA.

If the email originated outside your network and did not go out through your MTA, then when the header chain is examined by a human this will be obvious.  However, almost no receiving MTAs will outright reject mail that does not match DKIM or SPF, and few even bother to check these.  And nobody I know bothers to check the header chain for authenticity when reading email.

You could ask all your clients to enable strict SPF authentication for your domain, but I daresay most of them will say "Huh? Wazzat?" if you do.

About the best you can do is say "The problem's not under our control and it's not really under your control either.  It's being spoofed outside our network.  However, you can enable SPF and DKIM and that'll solve it."

On the other hand, if the header chain is examined and the spoofed mail really is going out through your MTA, then you have at least one dishonest employee or subverted machine on your network, and in that case you need to chase it down right quick by looking through your outgoing email logs and finding the culprit.
1
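The header-chain check described in the answer above, as an added example that is not part of the original thread: it trusts only the `Received` headers stamped by the recipient's own servers, reads the IP of the host that handed the message over, and compares it with your MTA's address. All host names, IPs and the `analyse` function are constructed for illustration.

```python
import re
from email import message_from_string

# Assumed values: the recipient's mail hosts and our own MTA's public IP.
RECEIVER_HOSTS = {"inbox.client.example", "mx.client.example"}
OWN_MTA_IPS = {"192.0.2.10"}
RECEIVED_RE = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?\bby\s+(\S+)", re.S)

# Constructed sample: the lowest Received header is forged to name our MTA.
SAMPLE = """\
Received: from mx.client.example (mx.client.example [198.51.100.20])
    by inbox.client.example with ESMTP; Mon, 1 Jan 2024 10:00:05 +0000
Received: from relay.unknown.example (relay.unknown.example [203.0.113.77])
    by mx.client.example with SMTP; Mon, 1 Jan 2024 10:00:03 +0000
Authentication-Results: mx.client.example; spf=fail smtp.mailfrom=example.com; dkim=none
Received: from mail.example.com (mail.example.com [192.0.2.10])
    by relay.unknown.example with ESMTP; Mon, 1 Jan 2024 09:59:58 +0000
From: Accounts <billing@example.com>
To: client@client.example
Subject: Invoice overdue

Please pay the attached invoice.
"""

def analyse(raw, receiver_hosts, own_mta_ips):
    """Report whether the message entered the recipient's system from our MTA."""
    msg = message_from_string(raw)
    boundary_ip = None
    for hdr in msg.get_all("Received", []):        # newest hop first
        m = RECEIVED_RE.search(hdr)
        if not m or m.group(3).lower() not in receiver_hosts:
            break                                  # not stamped by the recipient: untrusted
        boundary_ip = m.group(2)                   # ends as the lowest trusted hop
    auth = {}
    for hdr in msg.get_all("Authentication-Results", []):
        # Only accept results written by the recipient's own servers.
        if hdr.split(";")[0].strip().lower() in receiver_hosts:
            auth.update(re.findall(r"\b(spf|dkim)=(\w+)", hdr))
    return {"boundary_ip": boundary_ip,
            "via_own_mta": boundary_ip in own_mta_ips,
            "spf": auth.get("spf", "none"),
            "dkim": auth.get("dkim", "none")}

if __name__ == "__main__":
    print(analyse(SAMPLE, RECEIVER_HOSTS, OWN_MTA_IPS))
```

If `via_own_mta` comes back true for a real message, the outgoing mail logs on your MTA are the next place to look.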

Michelangelo, Consultant, commented:
Moreover, paste the scam email headers here:
https://testconnectivity.microsoft.com/MHA/Pages/mha.aspx

And see whether it's originating from your network.
1
John, Business Consultant (Owner), commented:
Are you using Exchange as a spam filter? Try a much stronger spam filter. My own mail system deletes these kinds of emails all the time. My clients use Hosted Exchange and the spam filters (not Exchange) quarantine these emails.

It is important to improve your spam filters because ransomware uses emails to spread.
0