okamon
asked on
email spam question
There are 2 cases I have faced with 2 email spam issues.
One is that the user has Outlook installed on his computer, and for some reason he keeps getting bouncebacks from the local Exchange postmaster saying:
The message or an attachment did not reach the intended recipient(s).
Subject: To all Employees - Confidential Message
From: message@securebank.com
To: luc@abc.com
Date: Thu, 17 Jan 2013 07:39:23 -0700
Reason: attachment type policy violation (To ALL Employees.exe)
Action: deny
--------------------------
The user never sent to message@securebank.com and no virus or spamware was found on his computer. It seems someone spoofed his email address. How could the spammer have found his email address?
And the 2nd one is a different user; he only uses Gmail and he only uses the webmail. He installed the Firefox extension to notify him of new emails. For some reason, he is sending spam to all his contacts... How can this happen?
I cannot tell you all the ways spammers compromise SMTP servers (there are so many ways), but the likely way is a dodgy email (looks good, but with a virused attachment). It could be doing this through the user's Outlook if contacts are the same in both. Also, even though they are using web mail, they are using it through their browser.
Is it the webmail Firefox plugin I .... should I change password asap?
I would and use a fairly difficult password to be sure.
Also make sure the users are using a good, corporate level, paid antivirus tool. If they are using Windows 7, make sure UAC is turned on. People love to click dodgy links: "Let me speed up your computer". This will concentrate on stopping the problem rather than trying to determine how it occurred.
.... Thinkpads_User
All they need to do is compromise the browser to get the contacts. Once that is done, they can send the email spoofed as anyone. I could send you an email right now with an email of mickeymouse@disneyland.com and your mail client would not know the difference.
@okamon - Thank you and I was pleased to help you with this.
.... Thinkpads_User
ASKER
The Gmail is not set up using Outlook or any email client. The user only uses the Gmail web mail.
So how is the SMTP setup causing the issue?
>>When the browser gets compromised, there go your contacts...
But Gmail should end the session itself after a certain period, so how did they get access?
Is it the webmail Firefox plugin I use that is causing it? I checked the sent items in Gmail, and it looks like it was sent from Gmail, not spoofed! Should I change password asap?