I have my own website and have been getting spoof emails sent to me as if they are from someone in my own company using balloonfiesta.tv as the domain.
Can anyone advise if there is any way to overcome this problem?
Any help would be most gratefully received.

Are the headers spoofed as well? If the IP addresses aren't spoofed, then you may be able to find where they originate and alert the owners of the server. They could be using an opened relay.
If that's not possible, you may be able to filter it.

Hi Don2006,
Thanks for replying.
These were the properties of the email I received.
As I am relatively new to this game, I am not sure what all this means.
My main concern is not that I am receiving Spam (I have NIS2006, which filters it very well), but that some unscrupulous individual has managed to register an email address within my domain, how this is possible, and how I can prevent it from happening.
Any help would be greatly appreciated.
Return-Path: <QMhjWD@balloonfiesta.tv>
X-Original-To: paul@balloonfiesta.tv
Delivered-To: balloonfiesta@godzilla.bigwig.net
Received: from PCUSNJRNST2 (unknown [216.169.212.5])
    by godzilla.bigwig.net (Postfix) with SMTP id 142411FE57
    for <paul@balloonfiesta.tv>; Tue, 13 Jun 2006 18:01:49 +0100 (BST)
Received: from [73.238.103.212] (port=9204 helo=[73.238.103.212])
    by balloonfiesta.tv with esmtp
    id woekgg-gOz837-26
    for paul@balloonfiesta.tv; Tue, 13 Jun 2006 11:25:43 +0600
Reply-To: Jerry <QMhjWD@balloonfiesta.tv>
Message-ID: <46132265.20060613112543@balloonfiesta.tv>
From: Jerry <QMhjWD@balloonfiesta.tv>
To: <paul@balloonfiesta.tv>
Subject: Never better cant be fOund.
Date: Tue, 13 Jun 2006 11:25:43 +0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0068_01C4B064.23976819"
X-Priority: 1
X-Mailer: The Bat! (v3.71.14) Home
X-Spam: Not detected
X-NAS-Language: Dutch
X-NAS-Bayes: #0: 8.14301E-056; #1: 1
X-NAS-Classification: 0
X-NAS-MessageID: 3095
X-NAS-Validation: {2D1C135D-0BB2-4F23-AF1C-9F28A26FB2F5}
Many thanks,
Paul.

WhoIs Lookup performed by Karen's WhoIs
http://www.karenware.com/
OrgName: Novo Nordisk Pharmaceutical, Inc.
OrgID: NNP-4
Address: 100 college road west
City: Princeton
StateProv: NJ
PostalCode: 08540
Country: US
NetRange: 216.169.208.0 - 216.169.223.255
CIDR: 216.169.208.0/20
NetName: NNPI-COM
NetHandle: NET-216-169-208-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Assignment
NameServer: T.NS.VERIO.NET
NameServer: B.NS.VERIO.NET
Comment:
RegDate: 2004-06-16
Updated: 2004-06-16
RTechHandle: AHO21-ARIN
RTechName: Ho, Antien
RTechPhone: +1-609-987-5876
RTechEmail: atnh@novonordisk.com
RTechHandle: MRU9-ARIN
RTechName: Ruggiero, Matt
RTechPhone: +1-609-987-7787
RTechEmail: mrgg@novonordisk.com
OrgTechHandle: AHO21-ARIN
OrgTechName: Ho, Antien
OrgTechPhone: +1-609-987-5876
OrgTechEmail: atnh@novonordisk.com
OrgTechHandle: MRU9-ARIN
OrgTechName: Ruggiero, Matt
OrgTechPhone: +1-609-987-7787
OrgTechEmail: mrgg@novonordisk.com
# ARIN WHOIS database, last updated 2006-06-13 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Today seems like a good day to chew through the restraints.

He didn't register an email address in your domain. Anyone can put any email address in the return line and the server will use it and give it a message ID.
Received: from [73.238.103.212] (port=9204 helo=[73.238.103.212])
That's the key line in the header for 2 reasons. One is the helo, which is the first command used when using an opened relay. Sometimes the server wants you to say helo, believe it or not. The second thing is the port number 9204, which denotes a wireless connection. The message could have even been sent from a cell phone. There is probably more, but that's as far as I researched it.
To answer your question as to how to stop it, you probably just have to create a filter blocking those IP addresses, which may or may not work. I'm sure there are other unsecured connections available.
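
Added example (not part of any post in this thread): a Python script that reads the headers posted above and separates the Received line written by the receiving server from the line supplied before the message reached it, since each server prepends its own Received line and anything below the receiving server's line is only what the sending side wrote. It assumes godzilla.bigwig.net (the host in Delivered-To) is the only mail server the recipient trusts; the function names are illustrative.

```python
import re
from email import message_from_string

# Headers copied from the message posted in the thread (fields used here only).
RAW = """\
Return-Path: <QMhjWD@balloonfiesta.tv>
Delivered-To: balloonfiesta@godzilla.bigwig.net
Received: from PCUSNJRNST2 (unknown [216.169.212.5])
 by godzilla.bigwig.net (Postfix) with SMTP id 142411FE57
 for <paul@balloonfiesta.tv>; Tue, 13 Jun 2006 18:01:49 +0100 (BST)
Received: from [73.238.103.212] (port=9204 helo=[73.238.103.212])
 by balloonfiesta.tv with esmtp
 id woekgg-gOz837-26
 for paul@balloonfiesta.tv; Tue, 13 Jun 2006 11:25:43 +0600
"""

# Assumption: the only MTA the recipient trusts is the host named in Delivered-To.
TRUSTED_MTAS = {"godzilla.bigwig.net"}

def received_hops(raw):
    """Return the Received hops, newest first, as dicts (by, ip, trusted)."""
    hops, chain_ok = [], True
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        by = re.search(r"\bby (\S+)", flat)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
        by_host = by.group(1).lower() if by else None
        # A hop is trusted only if a trusted MTA wrote it and every newer
        # hop was trusted too; older lines arrived with the message itself.
        chain_ok = chain_ok and by_host in TRUSTED_MTAS
        hops.append({"by": by_host, "ip": ip.group(1) if ip else None,
                     "trusted": chain_ok})
    return hops

def handoff_ip(raw):
    """IP recorded by the oldest trusted hop: the host that really connected."""
    trusted = [h for h in received_hops(raw) if h["trusted"]]
    return trusted[-1]["ip"] if trusted else None

def sender_claims_own_domain(raw, our_domain):
    """True when the Return-Path address uses the recipient's own domain."""
    rp = message_from_string(raw)["Return-Path"] or ""
    return rp.strip("<> ").lower().endswith("@" + our_domain.lower())

if __name__ == "__main__":
    for hop in received_hops(RAW):
        print(hop)
    print("hand-off IP:", handoff_ip(RAW))
    print("own-domain sender:", sender_claims_own_domain(RAW, "balloonfiesta.tv"))
```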
