Home
Topics
Microsoft Exchange Server Administration
Microsoft Exchange Server Performance
Is one of our e-mail accounts getting spoofed?

Is one of our e-mail accounts getting spoofed?

Richard Luckett

I have a user on my network that, even after replacing his computer, keeps sending e-mail to a particular e-mail address and gets a bounce back. The problem is that the e-mail is sent at 2 a.m. or 3 a.m., when the user is home in bed. I have done the regular stuff: scan with Norton Antivirus (and MicroTrend House Call), done all the Microsoft updates, ran Spybot and Ad-Aware and cleaned up all the temporary files and cookies. Any idea how to fix this one?

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

Before you replace the machine again, take a look at the e-mail header. It is possible that this mail is not coming from the user/machine that is says? In other words, someone may be spoofing the e-mail address. You can identify a spoofed e-mail address by looking for the sender's info in the header for example: Received: from w072.z064001136.chi-il.dsl.cnc.net ([64.1.136.72]). If the IP address is not from one of your mail servers, it could be coming from another user.

If you identify that it is coming from one of your Exchange servers, then you can use a tool like Microsoft Network Monitor (Netmon), or a freeware tool like Ethereal, to capture the traffic being sent and received by this suspect machine. What is nice is that you actually know the time that this occurring, so you know when to monitor the traffic. This will help you identify if it is in fact the machine the mail is coming from, and if so, which application is generating this message. Netstat –o can be used to enumerate the processes that have active connections on the machine while the problem is being experienced. Once you have the Process ID (PID) you can use Task Manager to identify the most likely suspects and remove them from the machine. To view a PID, open Task Manager and click on the Processes tab. Open the View menu and select Select Columns. Choose PID Process Identifiers.

If this does nothing for you, you can try to identify the problem at the file system and registry level in real time with the Filemon and Regmon tools from Sysinternals.

Do you have comments on this Ask the Expert question and response? Let us know.

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary

This was first published in February 2005

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Back to top

More from Related TechTarget Sites

Windows Server
Enterprise Desktop
Cloud computing
SQL Server
Windows IT

Windows Server
- Microsoft delivers patch updates for Windows Server 2012, Windows 8
  
  Microsoft delivered two critical and eight important bulletins in May's Patch Tuesday release, fixing issues in Windows Server 2012 and Office apps.
- Windows Azure Active Directory steps out of the shadows
  
  As Windows Azure Active Directory moves into general availability, we look at how it can help admins manage user authentication in the cloud.
- Steps to read XML files with PowerShell
  
  Wondering how to get PowerShell to read XML files? Our expert explains a few methods you could use.
Enterprise Desktop
- Finding a prescription for desktop security management at Sharp HealthCare
  
  Desktop security policy must cover the use of mobile devices and the cloud. Sharp HealthCare uses a mix of software for desktop security management.
- Windows 8 tools build on native Windows 7 utilities with new capabilities
  
  New and updated Windows 8 tools can help admins and users. Windows 8 utilities include functions for backing up and restoring systems.
- Why a Windows security scan is not enough to protect your workstations
  
  A traditional Windows security scan may lure IT into complacency about desktop vulnerabilities, so look at four areas to beef up Windows security.
Cloud computing
- Sequestration stymies federal government cloud ambitions
  
  The federal government is under mandates to consolidate data centers and deliver IT as a Service, but sequestration makes this easier said than done.
- VMware charges into public cloud IaaS fray as Dell exits
  
  Dell will discontinue its OpenStack and VMware vCloud-based public cloud offerings as VMware delivers its vCloud IaaS.
- Cloud migration obstacles remain for heavily regulated industries
  
  Financial, government and healthcare industries must overcome data security breaches and regulatory issues for a successful cloud migration.
SQL Server
- Database index design and optimization: Some guidelines
  
  What are the latest tips and tricks for database design and optimization? Check out this tip from Basit Farooq to learn more.
- Adam Machanic talks SQL Saturday
  
  We caught up with Adam Machanic, group leader of the New England SQL Server user group, at SQL Saturday Boston. Find out what he shared with us.
- SQL Server meets database application security
  
  Make sure your SQL Server is secure by studying these general guidelines for secure database applications from SQL Server expert Roman Rehak.
Windows IT
- How to advance your cloud skills and get ahead of the gap
  
  There may be a growing shortage of IT pros with cloud skills, but you can take action now and become a valuable asset with the right skills.
- Prepare for a SharePoint 2013 upgrade with five tips
  
  Considering an upgrade to SharePoint 2013? Find out the answers to the most common questions IT pros will ask before making the jump.
- Prioritize your IT tasks and finally conquer your to-do list
  
  It's easy to feel overwhelmed by a growing to-do list of IT tasks, but there are easy ways you can decide what to tackle first and what can wait.

All Rights Reserved,Copyright - 2013, TechTarget