Spam supposedly from contact list

Discussion in 'Help Desk' started by nelsonsk1, Jul 11, 2011.

  1. nelsonsk1

    nelsonsk1 New Email

    Joined:
    Jul 11, 2011
    Messages:
    2
    Likes Received:
    0
    Starting out with the basics, the spam problem is on a company network with a Zimbra email server. Client's are running Outlook 2007 on XP SP3.

    The spam problem that I have just started within the past week or two. So far it is only affecting one client, which happens to be our company president. So far three similar spam mails have been received.

    The emails all say they are from the same person (a name in client contact list) but the referenced email addresses are different each time. The subject will contain another person's name (different each time and also a name in the clients contact list) and will have a message in the body with a link. As an example:

    From: John Doe [mailto:<not John Doe's email address>
    To: My Client
    Subject: true about Jane Doe...

    Hi, My Client!
    Oh my God, did you know that Jane Doe take these

    <Link-shows as partially legitimate link but is a re-direct>

    Really banned photos, i didnt know that is so nasty!

    So far, all three emails show the same "From" person but three different from email addresses. All three emails reference at least one other legitimate contact name from the clients contacts.

    I've run several virus scans/malware scans and haven't found a problem with the PC. There is no unusual activity on the email server and it doesn't appear my client is mass mailing without their knowledge.

    Since the From email address changes each time I can't block using normal methods.

    Any help identifying the possible problem would be appreciated.
     


  2. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    9,001
    Likes Received:
    120

  3. nelsonsk1

    nelsonsk1 New Email

    Joined:
    Jul 11, 2011
    Messages:
    2
    Likes Received:
    0
    Thanks for the reply. Yes I did check the IP address in the full header information. Unfortunately, although the emails were nearly identical, with only minor modifications and a different hyperlink, each showed as originating at a different IP address. I checked the first one and it said the IP was registered to Telefonica de Argentina.
     

Want to reply or ask your own question?

It only takes a minute to sign up (and it's free!). Click the orange sign up button to choose a username and then you can ask your own questions on the forum.
Loading...