# [SOLVED] Corporate email sending spam



## NEW2IT (Jan 25, 2008)

I noticed yesterday in our spam filter that one of our email accounts received a bunch of delivery failures, and that account was not used yesterday as that person is on vacation. Since the filter caught them I just deleted them and moved on. My boss called me this morning and told me he had received a bunch of failures that the filter did not catch. I looked into a few and it seems that somehow spam emails that we normally receive are being sent out via his email address and then are being blocked or sent to invalid addresses and sent back. We use Groupwise on a Novell server over a LAN. I am not sure what is happening or what to do?


----------



## Cellus (Aug 31, 2006)

*Re: Corporate email sending spam*

Before jumping to any conclusions I recommend you inspect the e-mail headers and logs and really check to see where they actually came from. It is not uncommon in spam tactics to spoof the e-mail address and have it say it originated from you to fool the spam filters. Really check to make sure if the delivery failures are actual delivery failures, and really check to make sure suspect mail that may have originated from you actually came from you.

It can be very annoying, but spammers use this technique because it works on filters sometimes.


----------



## Mack (Nov 8, 2004)

*Re: Corporate email sending spam*

Hi, don't want to hijack the thread, but this happened to me recently. In some mail programs you can check where the mail originated from. In my case it originated from a Yahoo address even though in the email it looked like I had sent it.


----------



## johnwill (Sep 26, 2002)

*Re: Corporate email sending spam*

This is very common, it's one of the many tricks SPAMMERS use. They spoof a specific domain and send spam for a period of time until most filters have put that domain in their spam filters. It happened to my domain last year, I was getting hundreds of bounce messages a day for all sorts of random addresses from my domain.

Weather the storm, they'll give up on your domain after a few days and move on to some other hapless victim. :smile:


----------



## gmavai (Mar 2, 2008)

*Re: Corporate email sending spam*

Before you do anything drastic, check the email/internet headers of the emails and see where they're coming from - are they really from your email account or from someone 'else'. This can be due to spammers using spoofing techniques to fool users that the emails they're receiving are from legitimate sources.


----------



## johnwill (Sep 26, 2002)

*Re: Corporate email sending spam*

Here's one page on tracing the headers...

http://www.usus.org/elements/tracing.htm


----------



## NEW2IT (Jan 25, 2008)

*Re: Corporate email sending spam*

Great link. Things have slowed down a bit as far as our email goes. I have a copy of an email header we received back that I tried to dissect via that link but I am having a little trouble with doing so. I am an untrained Network Admin. just trying to learn as much as I can before I pull out all my soon to be grey hair. Being a grunt was so much easier. Here it is. I replaced our email address with [email protected]. I am just curious how to find out where it actually came from for future knowledge. Thanks.


```
Received: from [66.228.226.19] (HELO smtp155.redcondor.com)
  by prtel.com (CommuniGate Pro SMTP 4.2.6)
  with ESMTP id 247296310 for [email protected]; Fri, 04 Apr 2008 12:51:21 -0500
Received: from dsl88-244-31814.ttnet.net.tr <[email protected]> ([88.224.124.70]) by smtp155.redcondor.com; Fri, 04 Apr 2008 09:51:17 -0800
X-RC-HOST: smtp155.redcondor.com
X-RC-DBID: e7e9281b-cb7a-4b22-a2a4-f7e7e618a83d
X-RC-ID: 20080404175117217
X-RC-IP: 88.224.124.70
X-RC-FROM: <[email protected]>
X-RC-RCPT: <[email protected]>
Message-ID: <[email protected]>
From: "andreas claud" <[email protected]>
To: "Clarence Haynes" <[email protected]>
Subject: High Quality Watches Available Now
Date: Fri, 04 Apr 2008 16:03:33 +0000
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
```


----------



## oldmn (Oct 16, 2005)

*Re: Corporate email sending spam*

Any time you have an online business with contact information you will get these. 
The best thing is just delete them and move on.
They have done the same thing, used it and moved on.
Anyone that could figure out how to stop it :pray::pray::pray:


----------



## johnwill (Sep 26, 2002)

*Re: Corporate email sending spam*

Well, this is a clue! :grin:

From: "andreas claud" <*spoofedemail*@here.com>


----------
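An added example, not part of any post in this thread: a short Python script that reads the `Received:` chain of the header posted above from the top down and reports which machine handed the message to the first relay you trust. The placeholder addresses and the `TRUSTED_RELAYS` list are assumptions, since the page redacts the real addresses and does not say which relays belong to the poster.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header from the thread. The addresses are constructed placeholders (the page
# redacts the real ones); continuation lines are indented so they parse as folds.
RAW = """\
Received: from [66.228.226.19] (HELO smtp155.redcondor.com)
 by prtel.com (CommuniGate Pro SMTP 4.2.6)
 with ESMTP id 247296310 for user@example.com; Fri, 04 Apr 2008 12:51:21 -0500
Received: from dsl88-244-31814.ttnet.net.tr <spoofed@example.com> ([88.224.124.70]) by smtp155.redcondor.com; Fri, 04 Apr 2008 09:51:17 -0800
X-RC-IP: 88.224.124.70
From: "andreas claud" <spoofed@example.com>
To: "Clarence Haynes" <user@example.com>
Subject: High Quality Watches Available Now

"""

# Assumption: relays whose Received stamps we believe (our ISP and our filter).
TRUSTED_RELAYS = ("prtel.com", "redcondor.com")

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
FROM_RE = re.compile(r"^from\s+(\S+)")

def parse_hop(value):
    """Split one Received header into sender name, sender IP and stamping host."""
    flat = " ".join(value.split())  # undo header folding
    pick = lambda m: m.group(1) if m else None
    return {"from": pick(FROM_RE.match(flat)), "ip": pick(IP_RE.search(flat)),
            "by": pick(BY_RE.search(flat))}

def is_trusted(host):
    return bool(host) and any(host == r or host.endswith("." + r) for r in TRUSTED_RELAYS)

def trace_origin(raw):
    """Walk Received lines newest-first; stop at the first stamp we cannot trust."""
    msg = message_from_string(raw)
    origin, trusted_hops = None, 0
    for hop in map(parse_hop, msg.get_all("Received", [])):
        if not is_trusted(hop["by"]):
            break  # written by a host we do not control, so it may be forged
        origin, trusted_hops = hop, trusted_hops + 1
    return {"origin_ip": origin and origin["ip"],
            "origin_host": origin and origin["from"],
            "claimed_from": parseaddr(msg.get("From", ""))[1],
            "trusted_hops": trusted_hops}

if __name__ == "__main__":
    print(trace_origin(RAW))
```

For the header in the thread this reports 88.224.124.70 (the ttnet.net.tr DSL host) as the machine that handed the message to smtp155.redcondor.com, which agrees with the filter's own `X-RC-IP` line. The `From:` address is only what the sender typed and plays no part in the trace.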

