Internal 'fake' emails

[Schnappa]

Hi all

Recently our email server has been bombarded by emails that seemingly originate from people within the organisation. Of course, they are not actually sending the emails, however they are becoming more frequent and are being picked off by our virus software, cleaned and sent through anyway.

One thought is that the emails have originated from a system outside of the organisation, that has dialed in and had access to our email server - possibly a staff ember unaware they have a virus?

Anyone had something similar?

Cheers

G

 

[JEG78]

Sounds just like typical spoof emails to me. Unfortunately, there is nothing you can do to stop it.

Are you sure these are coming from within your network?

 

[waldadam]

Look at the message headers and see if the messages originate externally. Usually these spoofs will come from an IP that is not within your organization. The only way to kill these is with some type of filter / RDNS lookup.

GFI has worked well for us.

 

[JEG78]

I forgot about RDNS. (Don't I feel stupid. Long day.)

Did you have to create filters that checked that?

 

[marko2002]

Personally, I'de be more worried about the fact that someone has access to the network with a virus - surely any network able machine would have anti-virus software installed and updated! - I know my reply isn't of any help but I've always believed there are enough threats out there that we cannot control, without allowing those we can to slip through our fingers.