We have an interesting development where there are various phishing attempts coming into the institution. The guys are sneaky in the fact that is states it is from [EMAIL PROTECTED] and can even have a http link in the message. They are requesting the users respond back and give their password. It's tagged as spam, but with 70,000 users some respond back, the hackers get in and blast some messages out.
We can trace this on our student mail system, by looking for all the deferred and trace it back. My question is on Exchange. We have it limited to a maximum of 250 per message, but I'm wondering is there a way to look in the tracking logs that will indicate a compromised account. We have pop enabled as well (not my choice) so they can forge the sender. Any pointers on this? We do have Log Parser 2.2 installed. We also route all our mail out through Zix encryption servers as well...that complicates it a little more for tracking purposes. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
