(Outlook 03) -- User getting spammed by his own e-mail

We had a user who said they opened an e-mail to themselves, thinking they had pressed the wrong button. Now, this person's box is regularly receiving spam from someone spoofing his own e-mail.

I'm thinking this means I should check the e-mail headers and find an ip or dns name that it's being sent from and attempt to block it on the Exchange server, but I'm not sure how to go about that. Or if it's even the right (first) course of action I should be taking.

Am I pointed in the right direction? Or do you have other suggestions that I should attempt first?

(Also, how do I open this e-mail and check headers without ending up a victim of spam myself?)

 

Yep.

Once you do post the header here and I'll be happy to talk you through deciphering it.

EDIT Mask any email addresses in the header, we don't need those.
end edit.
You could also implement one of the numerous spam filters available (google is your friend), some are more strict than others so I'll leave that choice to you.

Use a client that can be set to text only (no HTML/script etc) and check the header in that.

 

<headdesk>

I asked to have the e-mail forwaded to me, so I could read headers. The user sent me their junk mail report.

The user was looking at e-mails caught by our filter, which sends a report to the user of what was blocked. Everything was actually fine and safe, and the report was listing the spoofed e-mails.

>_<

Sorry for wasting your time.

. . . Unless you think I should try to look at the first one they did open that (they say) triggered this series of spoofed e-mails? Or I should pretty much stop worrying since our product is stopping them from hitting her inbox anymore?

 

Looking won't do any harm Them saying is perhaps the problem

I'd say don't worry too much but as I said if you can post the header from the original email I'm happy to take a look for you.