Spam messages appear to be sent from your own domain (spoofed spam email). Example: email@example.com receives a spam mail from firstname.lastname@example.org Remediation is needed.
This is occuring because the Exchange server does not have the correct security configuration and is not protected correctly by a security device on the gateway level. Spammers have found existing email addresses in your domain and are targeting these email addresses.
It is not possible to stop spoofed spam email using Symantec Mail Security for Microsoft Exchange. However there are a number of things to consider regarding how to stop these on your Exchange server and in your environment.
Symantec Mail Security:
Ensure your own domain has not been added to the Sender White List:
Go to Policies > Antispam > Whitelist in the SMSMSE console.
Verify your domain(s) are not listed in the Allowed Senders box.
Verify the email account(s) getting the spam are not listed in the Unfiltered Recipents List.
Make sure after making any changes to click Deploy changes.
Ensure all reputation services are enabled
Go to Policies > Antispam > Premium AntiSpam in the SMSMSE console.
Verify the following are selected under Reputation Services
Enable Ruleset based Sender IP Reputation
Exchange 2003 server:
Ensure your Exchange server is not an SMTP open relay: