Employee's account has been spoofed.

[phoenix.ckelly]

Greetings all,

I am an IT Support technician for an RV dealership. Recently, a
lady in our parts department filed a complaint about some System
Administrator messages that were being sent to her. I logged into her
box and checked her account. Lo and behold, these are not the Sys
Admin messages that I thought they would be. Instead, the messages
contain info that I know our employees are not sending. As an example,
one header was listing in the subject line the sale of "Performance
Pills". Now I know that it is difficult to stop this once it has
started, but I am looking for any answers that can be given.
Update: Now another employee is affected. This needs to stop! I am
desperate!

 

[Laura Rooke]

What version of OUTLOOK are you using?
You can mark the senders or the senders' domain as junk.

 

[Pat Willener]

Do you mean bounces for spam messages? With the employee's email address
spoofed into the 'From' header? If this is the case, there is really not
much anyone can do (except to ask the spammers not to use fake headers).

Look for common data in these bounces, then write some rules to exclude
these messages.

 

[phoenix.ckelly]

First, we are using Outlook 2003. Second, yes we are looking for
common ground in the headers. Unfortunately we have not had any luck
thus far. An addition user as been affected as of this morning. Short
of redoing the Exchange server and reissuing new accounts I am still a
little lost.