
User Sending mail to Himself

Hello Forum,

 

We have observed on Splunk that a user is sending emails from his own organizational mail address to himself (same mail address). There are 44 emails triggered in a time span of 5 mins, and we monitor the traffic in Splunk through Cisco IronPort.

When we checked with the user, the user is not aware of any such transactions. What could be the possible reason that these mails are getting triggered and delivered from the same id and to the same id? We have checked the internal message id and it is different for all the cases, which means there are 44 emails triggered. Can anyone please help us understand the reason behind this?

 

Thanks and Regards,

Napster

2 Accepted Solutions


Deepak Kumar
VIP Alumni

Hi,

I am not sure about your email and network security setup. But I can give you some basic guidance which will help you determine whether these emails are generated by your domain itself (hacking or authorized) or are fake emails:

1. Have you configured SPF records for your domain? I know this is a basic requirement for email, but cross-check the domain.

2. Have you configured DKIM and DMARC for your domain?

3. Have you enabled "Header anomalies" on your email gateway?

I hope you are aware of all of those things. I advise that you collect the original email header (for the emails you mentioned in the post) from the user's inbox and check it with MXTOOLBOX.COM. What is the output for SPF, DKIM, DMARC, sender SMTP and IP, etc.?

A second piece of advice is that you check your email gateway logs for the "Header anomalies", including the sender and receiver SMTP and IP address. I am sure that you will get all the details.

 

Regards,

Deepak Kumar

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
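As an added illustration of the header check suggested in this answer (not code from the thread or from any Cisco product): a Python triage function that pulls the SPF, DKIM and DMARC results and the earliest relay IP out of a raw message and separates a forged self-addressed mail from one that really passed through the domain. The sample headers, addresses, IPs and verdict labels are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers; example.com and the IPs are documentation values.
SPOOFED = """\
Received: from mx.example.com (mx.example.com [192.0.2.10])
\tby inbox.example.com; Mon, 1 Jan 2024 10:00:05 +0000
Received: from unknown (unknown [203.0.113.77])
\tby mx.example.com; Mon, 1 Jan 2024 10:00:01 +0000
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=user@example.com;
\tdkim=none; dmarc=fail header.from=example.com
From: User <user@example.com>
To: user@example.com

body
"""
INTERNAL = """\
Received: from app01.example.com (app01.example.com [192.0.2.25])
\tby mx.example.com; Mon, 1 Jan 2024 10:00:01 +0000
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=user@example.com;
\tdkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: user@example.com
To: User <user@example.com>

body
"""

def triage(raw):
    """Return auth results, first-hop IP and a heuristic verdict for one message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    auth = msg.get("Authentication-Results", "")
    results = {k: (re.search(rf"\b{k}=(\w+)", auth) or [None, "missing"])[1]
               for k in ("spf", "dkim", "dmarc")}
    # Received headers are prepended, so the last one is the earliest hop.
    hops = msg.get_all("Received", [])
    m = re.search(r"\[([0-9A-Fa-f.:]+)\]", hops[-1]) if hops else None
    if not sender or sender != rcpt:
        verdict = "not-self-addressed"
    elif {results["spf"], results["dmarc"]} & {"fail", "softfail"}:
        verdict = "likely-spoofed"           # forged From arriving from outside
    elif results["dmarc"] == "pass":
        verdict = "authenticated-as-domain"  # check rules, on-behalf senders, loops
    else:
        verdict = "inconclusive"
    return {"auth": results, "origin_ip": m[1] if m else None, "verdict": verdict}
```

Only an Authentication-Results header stamped by your own gateway should be trusted; one already present when the message arrives can be forged.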


marc.luescherFRE
Spotlight
Hi there,
Some possible scenarios:

1. Automated mail agent rule
2. External system sending on behalf of the user
3. Mail loop
