[thelist] Returned mail that did not originate at our organization

Chris W. Parker cparker at swatgear.com
Tue Nov 19 11:58:06 CST 2002


> -----Original Message-----
> From: Tony Crockford [mailto:tonyc at boldfish.co.uk]
> Sent: Tuesday, November 19, 2002 9:52 AM
> To: thelist at lists.evolt.org
> Subject: RE: [thelist] Returned mail that did not originate at our
> organization
>
>
>
> > (ourUser at ourDomain.com). when the virus sent the email it
> replaced any
> > sort of legitimate return address with a random address
> which just so
> > happened to be ourUser at ourDomain.com. therefore when the end
> > system AOL
> > received the email it assumed it was sent from us because
> of the fake
> > return address.
> >
> > i hope this is true and it makes sense that it might be, but my boss
> > doesn't really want to accept this simple answer.

> I think you're right in suspecting a virus I'd say it's very likely to
> be bugbear which is very good at spoofing email addresses.
>
> One way to tell is to look at the original message (after cleaning it)
> to see if the text sent matches any of the usual virus suspects.

but i don't think we receive the original mail. at least, when i have an
employee forward a mail like that to me and i right-click it and choose
Options to read the headers, they are gone. it's all blank. i think
exchange steals them. (we're using outlook and exchange 2k btw.) is
there any way i can look at the headers of the mail the user received
without going to their desk?


chris.



More information about the thelist mailing list