RE: Question regarding spam - address spoofing

  • From: Chris Wall <Chris.Wall@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 12 Jan 2005 10:32:35 -0500

The spammer included an address in the To: field that does not exist in your
environment and included 'many' addresses in the BCC: field.  One of the
BCC: addresses was evidently a valid address in your organization (the
person that submitted the spam to you).


Chris Wall
Sr. Exchange Administrator
Global Knowledge Network
9000 Regency Parkway
Cary, NC  27511
w - 919.460.3236

-----Original Message-----
From: Dan Vanden Bosch [mailto:dvandenbosch@xxxxxxxxxxxxxx] 
Sent: Wednesday, January 12, 2005 10:37 AM
To: [ExchangeList]
Subject: [exchangelist] Question regarding spam - address spoofing

I have a user who received a spam message. However the user's address
wasn't in the To field. I checked the Internet Message Header and it
wasn't there either. The to field had a user who doesn't exist on our

How would this message have gotten into the user's mailbox?

Would this be an example of a directory harvest attack?

List Archives:
Exchange Newsletters:
Exchange FAQ:
Other Internet Software Marketing Sites:
World of Windows Networking:
Leading Network Software Directory:
No.1 ISA Server Resource Site:
Windows Security Resource Site:
Network Security Library:
Windows 2000/NT Fax Solutions:
You are currently subscribed to this Discussion List as:
To unsubscribe visit
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts: