Spoofing?
- From: Chris Wall <Chris.Wall@xxxxxxxxxxxxxxxxxxx>
- To: "Exchange Group on Yahoo (MS_Exchange@xxxxxxxxxxx)" <MS_Exchange@xxxxxxxxxxx>, "ExchangeList (exchangelist@xxxxxxxxxxxxx)" <exchangelist@xxxxxxxxxxxxx>
- Date: Tue, 4 Mar 2003 09:49:53 -0500
Hello everyone,
My organization has a mailbox called 'HostMaster' and last night someone
sent a message titled 'test, please ignore' to the Hostmaster mailbox. What
is weird, is that the message says that it is from itself
(HostMaster@xxxxxxxxxxxxxxxxxxx <mailto:HostMaster@xxxxxxxxxxxxxxxxxxx> ).
Only one person has permissions to this mailbox and he did not send it.
The To: field and CC: field in the message are blank. This indicates
that the message was sent using a BCC: field. Is there anyway that I can
see what was put in the BCC: field? Better yet, I have provided the header
information from the e-mail:
Received: from mbserv002.globalknowledge.com ([172.16.56.25]) by
mbserv002.globalknowledge.com with
SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
id 1XBJ8D65; Mon, 3 Mar 2003 18:40:28 -0500
Received: FROM h002078cc3b91.ne.client2.attbi.com BY
mbserv002.globalknowledge.com ;
Mon Mar 03 18:40:11 2003 -0500
subject: Test, Ignore..
MBSERV002 'reflects' our internal bridgehead here. Is there any
information here that would help me to determine who sent this message. If
it were sent from within our company, SMTP would not be involved. Only the
X400 connectors would have been used.... is the
'h002078cc3b91.ne.client2.attbi.com' the culprit here? If so what is my
next step in finding out who this is or at least reporting them to some type
of authority?
Thanks for any info. I am new at this.
Thanks,
Chris Wall
Other related posts:
