How can I prevent spam from getting sent from our Oracle Service Cloud site?
Outgoing Email, Spam
To investigate this type of issue, your mail administrators should check your mail logs to determine any occurrences of the email address that received the spam message. In such cases, it is quite likely that they will find that no emails were sent to that address.
There are a number of bad viruses that can cause this type of email. These types of viruses infect a PC, grab all the email addresses stored on the PC, and then send massive amounts of email to the addresses, including an attachment with the virus. These virus emails have a spoofed FROM address which uses one of the other addresses stolen from the infected PC. Detailed information on viruses are available on a number of websites, which can be found by doing an Internet search on "virus".
Most likely in a case like this, the infected PC is a home computer somewhere that happened to have both your support email address and the spam recipient's email addresses stored on it. Thus, there is nothing that either you nor the spam recipient can do to prevent these types of emails from being sent. You should relay this information to the spam recipient so that they can be aware of the real issue.
By closely examining the Received: headers of the spam message, you may be able to identify where the offending email originated from. You might want to ask your customer for the offending spam message, including the headers. This will allow you to review the headers of the email to possibly determine where the message originated from.
Note, however, that it is possible for the virus to also forge most of the Received: headers. The topmost Received: header should be correct, but the others may not be correct. While the headers can be forged by spammers, it is not as common as the FROM email address. As a result, you have a better chance to determine which mail server really sent the email by reviewing these headers.
A sample email header is provided below. For example purposes, the server and email information have been generalized such as "email@example.com". The header has also been truncated a bit to make it easier to read.
Most email services permit users to view headers, but they all have different ways to access the headers. Thus, accessing the header information in an AOL email is quite different than accessing the header in Microsoft Outlook. For example, in AOL, to obtain this header information, open the email and click the Details link that appears at the top of the e-mail, below the from address and subject line.
In the example below, the Received lines are the most useful. From the top, they represent the receipt on the e-mail servers that handled this e-mail from most recent to least recent. The top Received line is usually the machine that actually performed final delivery of email. One indication that the headers may have been spoofed is if the "by hostname.domain" portion does not match the "from hostname.domain" portion within the Received line.
Received: from mailserver1.aol.com (mailserver1.aol.com [server's IP Address])
by mailserver1l.aol.com ...
Sat, 13 Mar 2004 09:29:14 -0500
Received: from mailserver.domain.com (mailserver.domain.com [server's IP Address])
by mailserver1.aol.com ...
Sat, 13 Mar 2004 09:28:53 -0500
Received: from www.domain.com (server's IP Address)
by mail11b.verio-web.com (RS ver 1.0.91vs) ...
Sat, 13 Mar 2004 09:28:49 -0500 (EST)
Received: (from account@localhost)
by domain.com (8.12.9/8.12.9/Submit) ...
Sat, 13 Mar 2004 09:28:12 -0500 (EST)
Date: Sat, 13 Mar 2004 09:28:12 -0500 (EST)
Content-Type: multipart/alternative; boundary=9RDKHg9Ub15H7
Subject: Your chance to get in on the bottom of an amazing company ...
*Note: If you are unable to identify if the email was spoofed and believe spam is being sent from your Oracle Service Cloud site, please submit a service request to Technical Support for review.