Inbound email missing domain in From field
Hi All, We are running Exch 2003 SP2 and Outlook 2007 SP2. We received an email (spam) where the display name and From field both showed Julie with no domain. Some of our users had their OOOs enabled, and when those replied, Julie was then resolved to an internal user who received the OOOs. When I check the message headers, there is an email address associated with the name and the reply-to address is the same. Can someone please explain to me how/why this happens and if there is a way I can block it? Thanks in advance!
December 22nd, 2010 10:54am

Sounds like a standard spammer's spoofing trick. They send the email with the from address of a user at the same domain as the target. The only way to block it is with your actual antispam product. Stop the spam from getting in. If the message gets in, then Exchange will process it as normal.
Simon.
Simon Butler, Exchange MVP
December 22nd, 2010 11:13am

I guess there's manipulation in the P2 header... http://reidablog.blogspot.com/2006/02/p1-and-p2-headers-in-smtp.html
I would suggest taking a look at the originating IP address in the message header; doing a connection block on it would resolve any spam originating from that IP. http://support.microsoft.com/kb/823866
Regards, Pushkal MishrA
December 22nd, 2010 11:30am

The strange thing with this one was that the name was just Julie (not Julie@ourdomain.com) - I think they just got lucky that there is a Julie internally, otherwise I'm guessing it would have acted differently. We already have an antispam product that looks like we will have to beef up a little. Thanks again!!
December 22nd, 2010 12:37pm

Thanks for the reply Pushkal - we are looking at our spamfilter now...
December 22nd, 2010 12:38pm

I would recommend turning recipient filtering on (not sure if your spam filter has that option), as this feature will only let emails in for recipients who exist in your domain. I've seen the issue below with many clients; this is applicable to Exchange Server 2003 as well: http://support.microsoft.com/kb/886208
Regards, Pushkal MishrA
December 22nd, 2010 1:01pm


Hi, The display name is the ResolveP2 address (the From address in the message header), which can be simulated as any address as needed. The best solution is to use the Sender Filter or an SPF record to prevent it.
Thanks, Allen
Allen Song
December 23rd, 2010 3:03am
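One way to flag the kind of message discussed in this thread during a gateway or mailbox audit, as an added example (not code from any poster here): it reports a P2 From header that carries no domain, or a From domain that differs from the envelope (P1) sender. It assumes the envelope sender is recorded in the Return-Path header; the function names and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or '' if none."""
    _display, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].strip().lower()


def audit_sender(raw_message):
    """Return a list of findings about the P2 From header of one message."""
    msg = message_from_string(raw_message)
    findings = []
    p2_domain = domain_of(msg.get("From"))
    # Assumption: Return-Path holds the envelope (P1) MAIL FROM recorded at delivery.
    p1_domain = domain_of(msg.get("Return-Path"))
    if not p2_domain:
        # A bare name such as "Julie" may be resolved against the local directory.
        findings.append("from-without-domain")
    elif p1_domain and p1_domain != p2_domain:
        findings.append("p1-p2-domain-mismatch")
    return findings


# Constructed sample messages (not taken from the thread).
BARE_FROM = (
    "Return-Path: <bulk@mailer.example.net>\n"
    "From: Julie\nTo: staff@example.com\nSubject: hello\n\nbody\n"
)
MISMATCH = (
    "Return-Path: <bulk@mailer.example.net>\n"
    'From: "Julie" <julie@example.com>\nTo: staff@example.com\n'
    "Subject: hello\n\nbody\n"
)
CLEAN = (
    "Return-Path: <julie@example.com>\n"
    "From: Julie <julie@example.com>\nTo: staff@example.com\n"
    "Subject: hello\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("bare", BARE_FROM), ("mismatch", MISMATCH), ("clean", CLEAN)):
        print(name, audit_sender(raw))
```
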

This topic is archived. No further replies will be accepted.
