Naughty E-mails

[Caustic]

Hi! It's me again.

Some of my users are getting inappropriate mail delivered to their inbox. The e-mails are not addressed to them directly. In fact their not even addressed to my company's domain. The only thing the "to:" address has in common with the user's actual address is the first four or five letters.

Example:
jandrian99@hotmail.com being delivered to legitimate address of jandrews@mydomain.com.

Anyone ever seen anything like this? This seems to have become a recent phenomenon.

 

[shipmate]

I've had it happening recently too. In outlook 2k, open the email, go to view->options

You can see where the email is really headed to and who it's from......they are forging the addresses.

It's only the internet stuff though; if you check an internal email, you won't see anything.

Shipmate

 

[Caustic]

Okay, I'm still having this problem. I don't think I asked the question correctly. The e-mail addresses on these seemed to be malformed and shouldn't be making it through the e-mail server. An e-mail addresses to the @hotmail.com domain should not be able to pass through correct? It should be turned away.

 

[MarkITMan]

I've seen more and more of this in the past couple of weeks. There are so many Bots out there gleening information from peoples computers it's not funny. I found that by requireing personnel to delete their cookies and temp internet files every day it cut's down on these types of e-mails. Most Internet junk mail is 'forged,' meaning that the addresses listed on the "from" and "reply-to" lines are fake, and e-mail sent back to the address contained in the header is returned as undeliverable. To find the actual
domain from which the junk mail originated, look at the headers that are listed at the bottom of the Internet mail. You will often see a line reading something like "Message-ID: ." The information following the @ sign is the
actual domain address; this is the one you should block in Mail Controls.

Good luck in stopping this.

 

[Caustic]

Thanks for the info. I'll just start blocking the domains. Oi

 

[AlexIT]

I began a thread that was going to be converted to a FAQ containing a blocked domain list (those that you should immediately block to save time.) This list has grown VERY fast. If you are getting mail from a domain that is NOT on the list, please reply to that thread with the domain info so we all can prevent this.

Alex

 

[ram6071]

Another way you can block out illegal e-mail message. In your Exchange Internet Mail Service properties, under ROUTING you will see Routing Restrictions. Go into Routing Restrictions and put a check mark beside "Hosts and Clients with these IP address" You will not need to specify an IP address, because mail coming in that does not match your domain or your mail route extension (@yourdomain.com) will be return to sender.

 

[Caustic]

Go into Routing Restrictions and put a check mark beside "Hosts and Clients with these IP address"

This has been in effect for some time now to curb relay attempts. Thanks though.

 

[ShackDaddy]

Guys, even though it looks like the porn mail is going to an address that's merely similar to one in your network, that's not accurate. None of the destination addresses are being forged.

Many spammers send out mass mailings in chunks of several thousand at a time. Only the first email address (or first dozen) in the chunk is put in the "To:" field. The rest are put in the "Bcc:" field, or blind carbon copy. That's why you don't see your address there, since your email address was one of the hidden recipients.

ShackDaddy

 

[Caustic]

A HA! Thanks Shack...very insightful.

 

[Caustic]

Alex,

what was that thread #?

 

[AlexIT]

The blocked list is thread10-203769.

Alex