Spammers using Nokiamail

Similar Messages

• Spammers using my email addy

  Spammers have been using my email address for about a week now to send out SPAM. I know this because I get a couple  "undeliverable" email /returned emails I didn't send every day.....Well today I just got an email from VERIZON
  stating that my "Outbound email access suspended"....What can I do ?
  Thanks
  Royals

  Royals1969 wrote:
  I did change my password a few days ago, but spamming continued til i got suspended Monday...So I doubt that the spammers are even using verizon email servers...So am I correct there is NOTHING I can do to stop it?
  You are correct; there is nothing we can do when spammers spoof an email address as the sender.
  I'm curious why Verizon is suspending your account, though.  I thought they did that when an account sent lots of email that they think is spammy.  In this case, that's not happening so I've no idea what trigger the suspension.
  I don't use Verizon's email for much,as I like to have better control over my email and I don't like my email linked to my ISP.
  Good Luck.
  If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.

• Emailing from iPhoto using Mail & .Mac account in a foreign country

  Hi all.
  I love the OSX integration of being able to just select some photos in
  iPhoto and click the email button. Opens up Mail program and sends away.
  It makes it very easy and simple for someone like my girlfriend who would rather not think about where things are stored and how to attach them.
  I even made her get a .Mac account to simply things even more!
  Great.... but......
  Off she goes with the iBook to Thailand to do her wholesale shopping.
  With a new digital camera, iBook, .Mac account and iLife 6 all packed too.
  (plus a quick lesson in using iWeb to get photos to a web page).
  So now she takes some photos, loads them into iPhoto, edits, crops,
  makes them look pretty. All in the comfort of her own room. Then off
  to the Internet Cafe she goes, pays for a wireless hookup (the iBooks got airport). Goes to iPhoto, selects the photos, clicks email. Mail opens and a
  new message with the photos already attached opens. After typing a message and sending the message......an error gets returned saying unable to send message do to SMTP outgoing server.
  Having ran into this issue at home already, I followed instructions I found on the apple site regarding changing the mail setting account info SMTP server port number. Well that worked for home and after trying to get her to change it via the numerous numbers suggested from the Support pages on apple. Could not get her to be able to send an email (even when selecting .mac as the selected outgoing mail server).
  Any suggestions on how to get this to work.
  I just went into the new web .Mac mail and while you can attach files.
  There is no way to use the iPhoto program to do this or to just be able to drag and drop from iPhoto to .Mac webmail.
  Trying to show her the pathway to find her photos in the Pictures folder is not really an option.
  thanks
  Kerry

  Hi Kerry
  Some ISPs don't allow one to send email via another connection to prevent spammers using their servers for relaying junk.
  I suggest that she use the webmail function of .Mac.
  She could export the files to desktop, making sure that she adjusts the file size in the dialogue box so that the files are not too large, and then add to the email via the normal webmail interface.
  Adam

• SPAM on Exchange when using "anonymous" authentication on frontend connector

  Hi all,
  I have Exchange 2013 SP1 installation with all roles on one box. My initial configuration worked fine, I was able to send and receive emails just fine. Yesterday however, I noticed that emails were not flowing anymore and when I checked the Queue viewer,
  I saw thousands of SPAM emails being sent - most of them sent to yahoo.com.tw domain. I managed to clean the Queue and I unchecked the anonymous authentication on the default frontend connector and the SPAM stopped but we cannot receive emails anymore (sender
  gets 530 5.7.1 Client was not authenticated message).
  As soon as I enable anonymous, SPAM starts again. I don't have an external relay, I am sending email directly from Exchange. Can you guys offer any advice as to how to go about this? How do I enable send/receive emails without getting all this SPAM? 
  DB

  So, I managed to get a hang of it, we are in the process of acquiring a third party anti-spam solution, but in the meantime, I stopped spammers using my server by using the built in Exchange AntiSpam agents. I followed the suggestions in this article:
  http://www.allspammedup.com/2013/11/exchange-2013-anti-spam-technologies-the-sender-filter-agent/
  and set the sender filter agent to block certain addresses and, more importantly, to block empty sender messages. It is all fine for now, but I will keep monitoring it.
  DB

• Junk mail filter doesn't work all the time

  Why doesn't the Junk mail filter work all the time? I click on mail like from Best Buy or Omni Hotels to go into junk mail but hardly any of their mail goes into Junk. Other sites go directly to Junk. If I click on a Best Buy mail to indicate it's Junk, shouldn't that work 100% of the time forever and ever?

  The Junk filter is based on an analysis of the content of the message. It ignores the sender. (Filtering based on the sender is an ineffective way of dealing with true spam, since spammers use constantly-changing spoofed addresses.)
  If you don't want mail from a legitimate sender like Best Buy, unsubscribe from their ads. If that doesn't work, make a Rule to delete or move the messages.

• 2010 Forum Quotes

  In remembrance of last year let me share my collected (funny) quotes from this forum:
  | 2010 PL/SQL Forum |
  Aketi> This thread is to discussion what is difference between wmsys.wm_concat and ListAgg.
  michaels2> You might then also introduce a comparison with 11g's similar (undocumented) stragg function:
  BluShadow>Have they been letting Tom at the source code again!
  Slow_Moe>There is most certainly a difference here. I use Toad 10.5.1.3 in both cases, just pressing the button.
  We do have some issues with the database, performance wise, though. I'm starting to think it is
  not completely sane (upgraded from 9i, not installed from scratch).
  BluShadow>That could be an issue in Toad.
  We've just installed Toad 10.5.1.3 and they certainly have seemed to manage to introduce a multitude of bugs in it.
  Op presenting some large select> This was actually a query that someone else put together and asked me to fix - so I'm not actually sure what their requirements are.
  Tubby> I think you should stop immediately what you are doing, i mean this seriously.
  If you don't understand the requirement there's very little chance you'll have any measurable success tuning this. The bulk of tuning (in my experience anyways) comes from understanding the data, their distributions and the exact requirement needed by the query in question. Sure you can throw in the odd bit of technical magic to save the day, but i would say this is the exception and not the norm.
  It's entirely possible you could transform this query into an elegant 20 line query that executes in a fraction of the time, however, that's never going to happen without understanding the question you are trying to answer.
  oP> Thanks for Information.I will do in the below method.Confirm me it is OK or not
  amarkiewicz >I'm not exactly a machine and can't parse it as well as the db can. It looks like a good start. Try it out and see what happens.
  sybrand_b>BTW will anything bad happen if you post a question consisting of more than 1 line. Salary substracted? Fingers chopped off by your boss?
  John Spencer (about naming conventions in Sql Server Db)>
  Given that an unqualified name is usually resolved (only?) in the current database, and doing master.dbo.sp_help table_name gets tedious after a while, they chose to use the sp_ convention to "force" initial resolution to the master database.
  Billy> So it was introduced just because they were lazy to type a fully qualified name and rather hacked the object resolution scope and introduce exceptions to what should be sacred grounds - consistent behaviour in scope resolution....
  Makes sense... if you happen to be a Ferengi and dislike everything Vulcan...
  OP>I am finding out that explain plan and running the optimzer tools in SQL Navigator is much to read than in sql plus.
  SomeoneElse>I shall alert the media.
  OP>My database session has been locked. Please suggest something.
  Karthick_Arp> Kill the session.
  Saubhik>Find the lock and kill....
  sree>pls try alter system kill session 'SID,SERIAL#
  Ulfet>Firstly investigate why session was locked. If necessary kill session.
  Sven>All of you are session terrorists! All you want to do is kill...kill...kill! ;)
  William>The killing is regrettable but necessary to liberate the session ;)
  Billy>With most the advice offered here, you just as well can get some PE4/C4 (plastic explosives) and blow up the server. That will not only kill the "locked" session, but also kill any other potential and imagined problem arising from that server.
  As William said - a session is never locked. There is no such concept at session level in Oracle. A session can be blocked - something very different from being locked.
  A session can also become unresponsive for a number of other reasons. Stuck in an infinite loop courtesy of buggy code. Doing tons of I/O courtesy of bad SQL design that results in a cartesian join. Or slow because of just plain shoddy PL/SQL code. Etc.
  Killing that session will not tell you anything about what happened, what went wrong, and how to prevent that from happening again.
  The very first step when dealing with any IT problem is to identify the problem. Once you know WHAT the problem is, you will know HOW to address it. Killing the problem.. that only works as a solution in the military. Not in software engineering.
  Toon Koppelaars>Don't believe everything you read on the internet (even not this...)
  OP> what is the view?
  JS1>It's what you see when you look out your window.
  Someoneelse>http://theview.abc.go.com/
  OP> the application generates dynamically the condition in the form :
  where <condition_string> in ( 'red','blue')
  Billy> You need to consider what that means in actual terms.. in terms of the data model, in terms of dealing with end user requirements, and it terms of database performance.
  In most cases. this approach is fatally flawed. Is due to a poor data model and not correctly dealing with end user requirements in a performant and scalable fashion. Never mind trashing fundamental database concepts dealing with performance and sharable SQL.
  OP>of course, thats what I know. I looked for a quick workaround.
  Billy> So instead of running into a brick wall at a 90 degree angle, you want to see if it hurts less using a 60 degree angle?
  I would have thought that not running into the brick wall at all was the aim...
  BluShadow(after some heated discussion about pros and cons of SQL language syntax elements)>
  SQL> select * from dual;
  SQL> please process your datafiles and return the data from all of the columns from the table that is referenced by the name of dual;I know which I'd prefer....
  Munky>I like the way you said 'please'. Maybe, rather than all this 'tuning' nonense - response time could be directly correlated to how polite you are!
  Boneist>That's certainly true of the forums, if not the database! *{;-)
  Karthick_Arp>I would wish for MAKE_ME_RUN_FAST hint
  Munky>But surely this would be better?
  SQL> set timing on
  SQL> Hi ther Mr. DB (I do hope you don''t mind me calling you that?).
       I''ve got some super stuff for you to do and I would be just
       thrilled if you could do it expediently.
       However  - no pressure - you just do it at your earliest convenience.
       What I''m look for is all of the data from all of the columns
       that you've got in that dual fellow.
       Would that be okay?
       Jolly good, and thanks again old boy! xxx;
  D
  X
  Elapsed: 00:00:00.01
  SQL>----------
  Hari>Sorry Blushadow if my information went wrong, I copied it from a OTN Forum
  Blueshadow>Don't believe everything you read on the OTN forums, it's full of people posting inaccurate information. ;)
  William (in the "Wishlist" thread">I'd like BETWEEN to have an optional EXCLUSIVE clause for each end of the range so we didn't have to keep rewriting it using AND x < y etc.
  I'd like them to drop the stupid MODEL clause so I didn't have to feel inadequate for not understanding it, along with GROUP BY CUBE and while they're at it, XML.----------
  OP>If I need to remove some sensitive data from single field of a row in database (10g and 11g), is there a function provided by Oracle Db to do that? Just simplely set the value to null is not enough. I heard that 3 passes or more with certain set of values can do the trick. But I am not quite sure about it. Any suggestions? Thanks.
  hoek>Tricks don't exist in Oracle database-world. Please turn you mumbo-jumbo into somethng humans and databases can read and understand.
  Munky>You could get Prime's armed DBA to hack away at it? When NULL is not enough, use a chainsaw (sure I heard that somewhere?).
  John>Wouldn't it be a bit insensitive to shoot sensitive data ? (armed DBA ... could be a new role ;) )
  Munky>{code}SQL> CONNECT SYS as ARMED_DBA{code}
  http://asktom.oracle.com/pls/apex/f?p=100:11:0::::P11_QUESTION_ID:1156151916789#25335122556076
  user11268895>..but i was wondering why:
  user11268895> select count(distinct rowid) from mytable
  user11268895> select count(rowid) from mytable
  user11268895>were not rewirtten to the same thing (syntaxically/logically they are not the same, but an optimization can be made there (removal of the aggregate))...
  BluShadow>It's probably not automatically rewritten to teach you a lesson for not understanding what rowid is and not knowing that rowid's are already distinct. :P
  3360>Also it is a game of catch up. When Oracle protects developers from doing one stupid thing they seem to be infinitely resourceful in coming up with new ways to shoot themselves in the foot.
  http://www.quotedb.com/quotes/2701
  op> what is scalar subfactory .what is the purpose of it.
  MichaelS>Do you - by any chance - actually mean Scalar Subquery?
  op> scalar subfactory usage in performance tuning
  WHiteHat>do you mean a sub-contracted industrial plant specialising in extreme musical instrument manipulation?
  OP>I am getting an ORA-03113: error when executing the below trigger
  CharlesRoos>This happens when you come to work in the morning run first query without reconnecting to database firstly.
  OP: find first three highest salary from emp for each dept
  Sven: John, Paul and George.
  Munky: Got em! They were hiding under my desk! Do I get a reward for returning them safely?
  OP: query to find first three highest salary from employee table for each department
  Maxim: But really interesting is , what their salaries are... And whether their company still hire...
  Munky: "query to find first three highest salary from employee table for each department " => I've have made the appropriate enquiry. Hope this helps!
  Dbb: I suspect it is for fire them...
  Riedelme: "Sven wrote: John, Paul and George." What do you have against Ringo?????
  Munky: The OP only wants to fire the three that earned the most (obviously forgetting any additional income made from doing voice overs for children's programs)
  Sven: Afaik Ringo doesn't earn as much as the other three.
  OP: asking some question about dependencies
  OP (30 minutes later): Is any one there????
  Someoneelse: "Just nod if you can hear me"
  OP: I'm noding can u c me?
  Jay> First of all, whenever i try and put my attempted code for this in a thread it says 'sorry content not allowed'.
  BluShadow> It could be that your code contains some words that aren't permitted on the forums. If it contains certain words that spammers use a lot e.g. "S h o e s" then it may be rejected by the forum on the belief that you're trying to post spam.
  Billy> Or "d i s c o u n t" and similar words..
  Munky> But not 'bollocks'! <cringes - sorry couldn't resist>
  BluShadow>Of course not, we're allowed to talk bollocks. We do most of the time anyway. ;)
  Mosaq> and some of it is necessory sometimes ;-)
  | APEX forum 2010 |
  Peter to Carl>but if you say it's possible, it should work!
  carl>I say all sorts of things, that doesn't mean that it "should" work just that I think it "should" work . ;)
  j4john>Now that Craig Venter is creating synthetic life and the Higgs boson is wearing a false nose to evade detection, it's probably time to up the game in Apex file uploads.

  This is the great thread ;-)
  My favorite threads are below.
  Munky posted great reply :8}
  SQL Query Help
  order in a connect by

• Windows 8.1 - An attempt was made to query the existence of a blank password for an account.

  In my security event logs, I have a lot of this messages and I don't know how to trace where are the coming from. Please help me with that
  Log Name:      Security
  Source:        Microsoft-Windows-Security-Auditing
  Date:          5-1-2014 08:52:08
  Event ID:      4797
  Task Category: User Account Management
  Level:         Information
  Keywords:      Audit Success
  User:          N/A
  Computer:      Computername
  Description:
  An attempt was made to query the existence of a blank password for an account.
  Subject:
      Security ID:        LOCAL SERVICE
      Account Name:        LOCAL SERVICE
      Account Domain:        NT AUTHORITY
      Logon ID:        0x3E5
  Additional Information:
      Caller Workstation:    ComputerName
      Target Account Name:    Guest
      Target Account Domain:    Computername
  It's not only the guest account, but also the Administrator account, and the UpdatusUser.
  My blog: www.enduria.eu | Wiki-moderator Server Certification Study Groups #90days2mcsa (http://borntolearn.mslearn.net/certification/server/w/wiki/default.aspx)

  system automatically assigns a PW for guest accounts.
  Hetti Arachchige V Aravinda is correct.
  Hackers will use a key generator for guess accounts mailed to you, if you click, your are actually installing a run script,  usually this will run all the time, if there is an connection, the guest account will tell you the connection and where.
  This is most famous with IIS ftp service for guest accounts. This was a major flaw with IIS ftp service in previous OS the ftp world get confused with the amount of failed attempts and grant admin abilities to your ftp.
  Your event for guest account would show may attempts, this is a very common old way that spammers  used to connect to a device to spread spam.
  Wireshark is a sure way to trace packets in and out of your ISP. You can  now see what is coming. if you do this, do not let pcap run on start up. I am positive you have nothing to worry about. If you do trace your IP and you see lots of proxys coming
  in, I suggest you contact your ISP about this.

• Major problems with Server 10.5 on Mac Pro

  My Mac Pro was running Leopard 10.5.6.
  I installed 10.5 Server on a separate internal hard disk. It installed OK, but when I successfully logged in and downloaded the 10.5.6 v1.1 update, the computer froze on Log Out. I had to power it off using the power button.
  When I started up again, after I type in my login credentials, only "Server Assistant" opens. No dock. Just the "Server Assistant" menu bar. And I can't do anything except move the mouse and see the menu. When I press Command-Q, it closes Server Assistant and logs me out.
  This happened to me twice; on two separate installations.
  Any help would be appreciated.

  Well, the obvious question is what processes are running on the machine that could be consuming bandwidth.
  There are three scenarios I can think of that might cause this.
  One is the server trying to download a large amount of data - e.g. if you startup the Software Update Server it will download gigabytes of software updates from Apple. I'm guessing this isn't the case if it's been going on a long time.
  Option 2 is a misconfigured service that's allowing your machine to act as an open relay (e.g. a web proxy or mail server) and other users are bouncing traffic through your machine. This is absolutely something you should fix.
  Option 3 is a hacked/compromised machine that's doing something it shouldn't.
  Of these option I think #2 is the most likely. If you're running an open mail proxy you will get hit by spammers using your server to spew their wares.
  You should look at the server logs to see what's going on. Specifically /var/log/mail.log for the mail server and /var/log/httpd/access_log or /var/log/apache2/access_log for the web server. If either of these are large and growing you may have a problem.
  Once you identify the source of the problem you can implement a fix, but until you know which service it's impossible to be specific.

• How to create a "traveling route" line on a map from point A to point B!

  Can someone explained or show me how I to create a clip (it will have a background map of Europe) depicting a “traveling route” line from point A to point B. The “traveling route” line I would like to display follows a Bezier curve path; it would start from point A (as a “dash”) and progressively the dash line lengthens until it reaches point B.
  To expand my request further - can one add a plane or ship icon (image) as the start “header” (starting from point A), move along the Bezier curve path and spits out the trailing “dashes” to form the “traveling route” line?
  I have seen this done on occasions, but I’m unable to create such clip. You help is appreciated.
  I’m using Premiere 6.5 and After Effect 5.5
  You can email me at [email protected]

  I don't remember which site, but I think I have a link to a tutorial site that includes that
  Go to my Adobe notes http://www.pacifier.com/~jtsmith/ADOBE.HTM
  Click on the Tutorial section and check the various sites
  Added
  You should never post a clear email address... spammers use software to harvest such
  Put something like
  myname at partone dot com

• Message Exception and Internet Address exception in Java mail API

  Hi,
  Using JAVA mail api while using sendmessage method i am getting Invalid address exception..TO address and from address are same as my mail id..Someone please tell why these exceptions come.
  Thanks..

  To prevent spammers using your system's mail transfer agent as a channel for spam most MTAs are set up to send message either from a recognised local address to a remote address, or from remote to local. "Unable to relay" generally means that your MTA doesn't recognise the machine that tried to send the e-mail as "local".
  You probably need to make changes to the configuration of the MTA (Sendmail or whatever) that runs on the machine you've designated as mail host.

• Can a website steal your email address when surfing on a mac

  Can a website steal your email address just by visiting it on a Mac using Safari? (and without specifically entering the address on any newsletter sign ups or anything)

  Mulder - thanks, this is helpful & I hope you are right, I want to check that I'm not just giving my address away!
  Thing is I tested connecting to an anonymous ftp site using safari after your post. Safari hands off the request to finder as suggested but I understand that anonymous ftp sites usually require your email instead of a password and that by default some browser's (or maybe in this case finder?) give your email address (or a dummy one) over automatically. As I didn't get prompted for an email address I'm assuming that my computer (safari, finder or some other program) is maybe giving something over behind the scenes and I don't know what.
  I did a search on the internet about this and quite a few articles mention the following ways sites can get your email address for spam. This is why I wanted to check it out / whether it affects macs?
  This is what I read:
  "Some sites use various tricks to extract a surfer's email address from the web browser, sometimes without the surfer noticing it. Those techniques include:
  1) Making the browser fetch one of the page's images through an anonymous FTP connection to the site. Some browsers would give the email address the user has configured into the browser as the password for the anonymous FTP account. A surfer not aware of this technique will not notice that the email address has leaked.
  2) Using JavaScript to make the browser send an email to a chosen email address with the email address configured into the browser. Some browsers would allow email to be sent when the mouse passes over some part of a page. Unless the browser is properly configured, no warning will be issued
  3) Via an Ident daemon. Many unix computers run a daemon (a program which runs in the background, initiated by the system administrator), intended to allow other computers to identify people who connect to them. When a person surfs from such a computer connects to a web site or news server, the site or server can connect the person's computer back and ask that daemon's for the person's email address
  4) From finger daemons. Some finger daemons are set to be very friendly - a finger query asking for john@host will produce list info including login names for all people named John on that host. A query for @host will produce a list of all currently logged-on users. Spammers use this information to get extensive users list from hosts, and of active accounts - ones which are 'live' and will read their mail soon enough to be really attractive spam targets"
  5) Using the HTTP_FROM header that browsers send to the server. Some browsers pass a header with your email address to every web server you visit.
  I know that 5 definitely isn't happening but the other ones are difficult for me to check.
  Thanks again

• How to block spamers

  Please repspond with posts only (email address is not monitored).
  There are 4 questions
  1. What is the URL for the official, definative guide for Email Settings Blocking - blocked senders list
  2. Is there a way to block sub-domains?
       Example: I block jetsetter.com but spammers use random_name@RANDOM_SUBD.justsetter.com
  3. How can I upload a list of know spaming domins?
       I have over 2,000 
  4. Where can I report specific spamming domains?
       [email protected] appears unmonitored
       [email protected] appears unmonitored
       [email protected]  appears unmonitored
  More generally, I'm join a community committed to blocking (or materailly reducing spam).
  Regards
  S

  Anonim wrote:
  Correction to question 2
  Please repspond with posts only (email address is not monitored).
  There are 4 questions
  1. What is the URL for the official, definative guide for Email Settings Blocking - blocked senders list
  2. Is there a way to block sub-domains?
       Example: I block jetsetter.com but spammers use random_name@RANDOM_SUBD.jetsetter.com
  3. How can I upload a list of know spaming domins?
       I have over 2,000 
  4. Where can I report specific spamming domains?
       [email protected] appears unmonitored
       [email protected] appears unmonitored
       [email protected]  appears unmonitored
  More generally, I'm join a community committed to blocking (or materailly reducing spam).
  Regards
  S
  You are talking to peers here so follow is just my understanding of things.
  All the settings are off the Webmail site one of which addresses is http://webmail.verizon.net
  The specific page that comes up for me TODAY is
  https://mail.verizon.com/webmail/driver?nimlet=showmessages&view=emails#options_Email_Options
  2.  You can write a FILTER rule to try and match a subdomain
  3.  Probably no way to upload that many.  The filter rules are limited to about 50
  4.  The spamdetctor.notcaught  is the correct address to report spam.  Its is monitored, but they are not usually adding rules on reports by domains.  Its a third party Verizon uses and its looking for some way to detect spam mostly by other means.  Do not send spam to spamdetector.update as its for the exact other purpose, i.e reporting email that is not spam but was caught by the spamdector by mistake.

• From field being changed - How?

  This is probably going to be a rather dumb question, but here it goes. My company's CEO received a SPAM message the other day. The concern he had was that the message was not only addressed from him, but it appeared as though the sender was him also.
  I was able to find the message through Ironport Mailflow and saw that the message came into the Ironport device with a from field of ;
  Sender: [email protected]
  Recipient(s): [email protected]
  Subject: Your Featured Products of the Week?
  Message-ID Header: 20090318140646.3977.qmail@OMAR1
  So how does a Spammer get the message to change the sender field information to reflect the same as the To field?
  We are using Lotus Notes (Domino) for mail. They are only accepting messages from our Ironport devices.

  It's because the envelope sender doesn't necessarily have to be the same as the header('From') email address. For legitimate mail, this doesn't come up, but spammers use this to try and bypass spam filters and such.
  For example, here is what a potential smtp conversation between the Internet and the Ironport appliance:
  (sender) helo
  (receiver) 220 ok
  (sender) mail-from: [email protected]
  (receiver) 250 ok
  (sender) rcpt-to: [email protected]
  (receiver) 250 ok
  (sender) data
  (receiver) 334 go ahead, end with "." on it's own line
  (sender) From: [email protected]
  (sender) To: [email protected]
  (sender) Subject: Do you want to buy a brand new Rolex watch?
  (sender)
  (sender) Go to this website to buy it, http://newrolex.com
  (sender) .
  (receiver) 250 message accepted
  What happened above is perfectly legal. It is RFC compliant and it's not breaking any rules.
  Now, what I would recommend to counter this is the following:
  1. Would there be any scenario where both the header("From") and the header("To") would be the same domain, in this case, "ourcompany.org".
  When two co-workers send mail to one another, should it stay on the mailserver and never hit the Ironport appliance.
  If this is the case, we can implement an incoming content filter like the following:
  Same_from_to_domain_in_headers_quarantine:
  Conditions (All of the following must match):
  header("From") == "ourcompany.com$"
  header("To") == "ourcompany.com$"
  Actions:
  quarantine ("Policy")
  This kb article may help you with content filters.
  What conditions / actions are available to content filters?
  http://tinyurl.com/jpqwl
  This is probably going to be a rather dumb question, but here it goes. My company's CEO received a SPAM message the other day. The concern he had was that the message was not only addressed from him, but it appeared as though the sender was him also.
  I was able to find the message through Ironport Mailflow and saw that the message came into the Ironport device with a from field of ;
  Sender: [email protected]
  Recipient(s): [email protected]
  Subject: Your Featured Products of the Week?
  Message-ID Header: 20090318140646.3977.qmail@OMAR1
  So how does a Spammer get the message to change the sender field information to reflect the same as the To field?
  We are using Lotus Notes (Domino) for mail. They are only accepting messages from our Ironport devices.

• Can't send mail lately

  Dear Guys,
  Greetings again.
  Lately, I can no longer send email via a commercial ISP at home. I am able to receive mail. But when I send email, they go to a Dark Hole and nobody receives anything from me. Yet, I can find all those sent messages in the SENT box.
  I checked the SMTP setting and everything is accurate.
  I would appreciate it if you could tell me what other things I should look into?
  THANK YOU.
  Jimmy Chiu
  HONG KONG
  Power Book G4    

  Hello Jimmy.
  Lately, I can no longer send email via a commercial ISP at home.
  I am able to receive mail. But when I send email, they go to a
  Dark Hole and nobody receives anything from me. Yet, I can
  find all those sent messages in the SENT box.
  You are able to send messages with this account and SMTP server. If a message cannot be sent for whatever reason, it will remain in the Outbox mailbox usually with an error message provided.
  A message moved to the account's Sent mailbox indicates the message was successfully sent by the SMTP server used with the account. Open a sent message in the account's Sent mailbox and at the menu bar go to View > Message and select Long Headers. The Message ID information is another indication the message was successfully sent.
  A successfully sent message is either accepted or rejected by the recipient's incoming mail server. If rejected for whatever reason, you will usually receive a return email error message from the recipient's incoming mail server indicating why the message was not accepted. With so much spam being circulated and since spammers don't provide a valid sending or return email address with many spammers using what is called a "dictionary" attack guessing at email addresses for a particular domain, many ISPs and email account providers no longer send a return email error message to the sender of a message when the message was not accepted.
  Basically if a message was successfully sent, what happens to the message after that is beyond your control.
  You can try contacting the provider for this email account and SMTP server and ask if there is anything they can do with the Message ID information for the messages that were successfully sent but the recipient indicated the message was not received.

• 'Undeliverable Mail' SPAM

  I have recently started to get a fair amount of 'Undeliverable Mail' SPAM.
  Anyone else getting this?
  imac G5 20; 1gig RAM; 160HD; airport; bluetooth keyboard & mouse; bose companion 3 speakers   Mac OS X (10.4.8)  

  I've received the same before as have many others which is an indication a spammer has used your email address to appear as the sending email address for a bulk spam mailing.
  Spammers do not provide a valid sending or return email address which is constantly changed and some spammers use a valid email address pulled from their list of "known good" email addresses.
  This is likely what has occurred and if so, there isn't much if anything you can do about it.