By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
If the person reading your email is doing so with Outlook Web Access (OWA), then it is much harder to track. All communications can be tracked, but you will need to capture the traffic with a network monitoring tool (e.g., NetMon, Wireshark, etc.) during the time frame that the incident occurs. Reviewing the capture log could reveal the source IP address of your hacker.
The IP address is really only of value to you if it is coming from within your organization. If the connection is being established externally, then you will not be able to rely on the IP address in the capture as it will probably be coming from the external interface of a firewall that is performing network address translation (NAT).
Do you have comments on this Ask the Expert Q&A? Let us know.
Ask an Exchange Server question in our forum.
Dig Deeper on Microsoft Exchange Server Monitoring and Logging
Related Q&A from Richard Luckett
We have a Client Access Server and Mailbox Server on Exchange 2013 and we want to install an Edge Transport role on another machine. I joined the ...continue reading
How can I enable Outlook Anywhere to allow internal use for all users and external use for only some users in Exchange 2013?continue reading
Exchange Server transaction logs have filled up my hard drive. How do I free up space taken by these logs? And can I prevent it from happening again?continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.