User received email from his email address

[Puckoff]

I have a user that has recieved an email from his address. How can I find out who or how this happened?

 

[chipk]

If you're using Outlook as a client, you can view the headers of the message without opening it by right-clicking and selecting Options. More that likely, it is a spoof, which his actually pretty common.

 

[zbnet]

It's a standard spam technique. The SMTP RFC doesn't enforce consitence between envelope headers and body headers - a bit like you can write a fictional To and From address on the top of a letter, which then goes into an envelope with a different To address on the front (and a From address on the back) - only the envelope To address is used to deliver the letter. By the time you see the email in Outlook, the envelope has been removed (just like your wife opened the letter and thre the envelope away, and showed you only the letter inside). So it's only a matter of trust that the From and To you see in the email is really true (which it is for all legitimate email).

 

[chipk]

But if it came from the Internet, it will have header information stating as much, even if it is not traceable to the "real" sender. No internal e-mail should have an Internet header.