Off the top of my head, unless you can get your hands on some of the origianl messages and look at the message headers, I suspect you are kind of screwed. :(
You might want to come up with some verbage on a standard email indicating this as a problem and how to locate and read message headers. Request a copy of said message with message headers intact. You then 'might' be able to track down his ISP and follow up that way. Good luck, -sp -----Original Message----- From: Rod Cappon [mailto:[EMAIL PROTECTED]] Sent: Friday, June 07, 2002 8:26 AM To: MS-Exchange Admin Issues Subject: some one is using my domain name to send out spam First off I am not being used as a relay , I have tested and checked every which way . What is happening is some SPAMmer is sending out email with a from address that is a <mailto:> "random name"@dbcorp.ab.ca The result is I get all the NDR that are generated when they hit a bad address and I also get all the bad vibes that comes from recipients. Unfortunately I can not tell where the message really coming from because it appears to be done via a mail relay. I have looked at the headers of a few on the NDR reports and they are coming from a verity of mail server and are mostly account does not exist or mail box full. The source mail server changes with each new broadcast that they send out. This tells me they are using open relays out there to send the spam. The result is I can not tell the true source of the spam Is there any trick that you folks have up your sleeves that I can use. List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
