RE: Question regarding spam - address spoofing

  • From: Chris Wall <Chris.Wall@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 12 Jan 2005 10:32:35 -0500

The spammer included an address in the To: field that does not exist in your
environment and included 'many' addresses in the BCC: field.  One of the
BCC: addresses was evidently a valid address in your organization (the
person that submitted the spam to you).

Regards,

Chris Wall
Sr. Exchange Administrator
MCSE, MCSA
 
Global Knowledge Network
9000 Regency Parkway
Cary, NC  27511
w - 919.460.3236

-----Original Message-----
From: Dan Vanden Bosch [mailto:dvandenbosch@xxxxxxxxxxxxxx] 
Sent: Wednesday, January 12, 2005 10:37 AM
To: [ExchangeList]
Subject: [exchangelist] Question regarding spam - address spoofing

http://www.MSExchange.org/

I have a user who received a spam message. However the user's address
wasn't in the To field. I checked the Internet Message Header and it
wasn't there either. The to field had a user who doesn't exist on our
domain.

How would this message have gotten into the user's mailbox?

Would this be an example of a directory harvest attack?

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
Chris.Wall@xxxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx


Other related posts: