Carlos Osorio said:
Need to find out how this happened, and how to prevent it.
Go into the e-mail account definition. Take a look at the E-mail
Address field. See, even you can put any string that you want into that
field. So can the spammers. The From header is *data* contained WITHIN
the e-mail. It is not used for routing. It is not added by your
sending mail server. It is just more data inserted into your mail just
like the body is inserted. All the headers and body inserted into your
message by your e-mail program are transmitted within the DATA command
sent to your sending mail server. The recipients are aggregated into a
list and a RCPT-TO command is use to specify each recipient of your
message so there will be as RCPT-TO commands as there are recipients in
the To, Cc, and Bcc fields together, but only one DATA command gets sent
with the content of your e-mail (headers and body, which is just the
parts within the same message).
You will need to trace backward through the Received headers to
determine the source of the e-mail. Mail servers prepend their Received
header, so the latest one (the one added by your receiving mail server)
is at the top. Trace top-down through the Received header but make sure
you know how to trace through them since spammers will often insert a
bogus Received header. The "by" host in a Received header should match
up with the "from" host in the next (higher up) Received header.
However, some domains add headers when internally routing e-mails so you
may see some that don't look like complete Received headers. It takes
practice to figure out how to trace through the Received headers. Post
the headers in alt.spam to get help on tracing through them (SpamCop has
newsgroups, too, that could help).
