Spam or exchange issue?

Question

I am getting an error message to unknow user on my domain. I would like to know is this just a phishing spam email or it was really send from our domain? I have changed our domain name to OURDOMAIN.COM

I have Exchange 2010 installed.

Body of the email is

Delivery has failed to these recipients or distribution lists:

sales
The recipient's e-mail address was not found in the recipient's e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator.
Sent by Microsoft Exchange Server 2007 



Diagnostic information for administrators:

Generating server: murraygroup.local

sales@OURDOMAIN.com
#550 5.1.1 RESOLVER.ADR.RecipNotFound; not found ##

Original message headers:

Received: from ironport.mih.co.uk (10.10.29.9) by
 mih-exca-01.murraygroup.local (10.10.29.133) with Microsoft SMTP Server id
 8.3.106.1; Fri, 29 Jun 2012 12:36:12 +0100
Received: from glamf04.netintelligence.com (HELO mailfilter.iomart.com)
 ([62.128.193.114])  by ironport.mih.co.uk with SMTP; 29 Jun 2012 12:42:48
 +0100
Received: from glamta4.netintelligence.com(localhost.localdomain[127.0.0.1])
 by mailfilter.iomart.com ; Fri, 29 Jun 2012 12:37:18 BST
Received: from [195.43.137.66] ([195.43.137.66])    by
 glamta4.netintelligence.com (8.13.1/8.12.8) with ESMTP id q5TBbH4j022142   for
 <sales@OURDOMAIN.com>; Fri, 29 Jun 2012 12:37:18 +0100
Date: Fri, 29 Jun 2012 12:37:17 +0100
Message-ID: <20120629145229.4C2A817231D8A7958044@SONW>
From: Ines Hampton <CarmenF77297@OURDOMAIN.COM>
To: sales <sales@OURDOMAIN.com>
Reply-To: Marguerite Soto <OrvalBCC70@brighterhorizons.org>
Subject: User sales
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Return-Path: CarmenF77297@OURDOMAIN.COM



eporting-MTA: dns;murraygroup.local
Received-From-MTA: dns;ironport.mih.co.uk
Arrival-Date: Fri, 29 Jun 2012 11:36:12 +0000

Final-Recipient: rfc822;sales@OURDOMAIN.com
Action: failed
Status: 5.1.1
Diagnostic-Code: smtp;550 5.1.1 RESOLVER.ADR.RecipNotFound; not found
X-Display-Name: sales

HopelessN00b · Accepted Answer · 2012-06-29T14:15:17.107

4

It's spam.

Received: from glamf04.netintelligence.com (HELO mailfilter.iomart.com)

and

Reply-To: Marguerite Soto OrvalBCC70@brighterhorizons.org

Indicate it didn't come from your user at your domain. It came in from glamf04.netintelligence.com (and if you look, you can see where that server received the emailfrom and trace it back some) and it has a reply to address to some Islamic school organization (weird), so it's safe to assume this is backscatter spam.

edited Jun 29 '12 at 14:15

answered Jun 29 '12 at 13:00

HopelessN00b

53,385
32
133
208

1

Backscatter I think is the more common term? – EightBitTony Jun 29 '12 at 13:47
Also the correct one. Thanks, I'll fix that now... and pay more attention to the spelling corrections my browser offers. – HopelessN00b Jun 29 '12 at 14:13

Spam or exchange issue?

1 Answers1