Well, first of all, before you spend more time trying to associate users@ourdomain.on.ca
with a group or person in your environment, let me suggest that you're probably on a snipe hunt.
The actual problem (probably) below:
Like Greg Askew said, it is likely (if not almost certain) that there is no actual email address or group associated with the email address in the To:
field (users@ourdomain.on.ca
). It's fairly common practice, in fact, to send group emails to a bogus To:
address, and BCC
the actual recipients, when it might not be appropriate for the recipients to know about who all is being included in the email. This has legitimate applications (such as sending out a mass email to a number of disparate clients), as well as utility in sending out spam.
- In fact, I often use this technique myself with distributions to multiple clients. I'll send an email to
clientnotification@mydomain.tld
, and BCC
all the clients I want to get the email. They don't need to know about each others existence or status as my clients, or who all I'm sending to, and it cuts down on my workload, having to send one email instead of multiple emails.
The solution:
To mitigate or largely eliminate this kind of problem with spam reaching a group of recipients on your domain, there are a couple easy things to you can do within in Exchange. (As with most things, this functionality is more primitive in 2003 than in 2007 or 2010, but it's still there)
Limit who may or may not send to the larger distribution groups.
It won't help if all your individual users were listed in the BCC
(in which case, I'd suggest you need to defend your directory and mail server against Directory Harvest Attacks), but will in the event that this did get sent out to everyone via sending to the address of a large or global distribution list.
Limit some or all of you internal groups from receiving outside mail
This is a also a good idea, generally, because generally, you don't want people outside your organization sending emails to groups within it.
In Exchange 2003, this is enabled with the From authenticated users only
tickbox in the above image.
The other beneficial side-effect of these setting is that you invariably get a luser doing a Reply All
to some large distribution list with an asinine comment or acknowledgment of receipt (thanks!
, was I supposed to get this?
, etc.), and that's always unpleasant and inconvenient. Better cut them off before they spam the whole company with their invariably misspelled, ungrammatical, txt msg
-style inanity.