Channel: Exchange Server 2010 forum

possible security issue with editable "from:" address in intradomain e-mail

Hello Exchange 2010 Forums,

I have what must be a question that has been answered elsewhere, but I can't lay hands on the answer here or elsewhere on the web.

We're running Exchange 2010 in our domain with Outlook desktop clients. Under the "Options" navigation tab at the top of a new message, one can opt to include the "from:" field in the new message form. I'm worried because one can choose a different address as the "from" address for a message. I know there are peculiarities of SMTP that allow spoofing the from address, and I believed that the "actual" from address would appear in the full headers of a message whose "from" field had been changed. But my concern is that I've looked through message headers for messages with spoofed from addresses within the domain and I can't see the actual from address anywhere in those headers.

To put things in terms of an example, say my actual e-mail address is jim.bob@company.com. My Outlook client allows me to send an e-mail as waldo.woo@company.com both to zizzer.zazzer@company.com and to mr.brown@gmail.com. The full headers for the e-mails in the respective inboxes of both zizzer.zazzer@company.com and mr.brown@gmail.com make no mention of jim.bob@company.com.

Can such spoofing be disallowed? If so, how? Can the fuller headers be changed to indicate at least which address sent the spoof?

Thanks for your help in this matter.


Jesse Butler
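
An added example, not part of the original post: a Python check that lists the addresses carried by a message's From, Sender and Return-Path headers and reports any that differ from the From author. Both sample messages are constructed; the first mirrors the headers described in the post, the second shows the RFC 5322 Sender form, in which a separate submitter is disclosed.

```python
from email import message_from_string
from email.utils import getaddresses

# Headers that can name a party other than the displayed author.
IDENTITY_HEADERS = ("From", "Sender", "Return-Path")

# Constructed sample: as in the post, only the chosen From address appears.
SPOOFED = """\
Return-Path: <waldo.woo@company.com>
From: Waldo Woo <waldo.woo@company.com>
To: zizzer.zazzer@company.com
Subject: constructed sample

body
"""

# Constructed sample: the submitter is disclosed in a Sender header.
ON_BEHALF = """\
Return-Path: <jim.bob@company.com>
From: Waldo Woo <waldo.woo@company.com>
Sender: Jim Bob <jim.bob@company.com>
To: zizzer.zazzer@company.com
Subject: constructed sample

body
"""

def identities(raw):
    """Map each identity header present to the set of addresses it carries."""
    msg = message_from_string(raw)
    found = {}
    for name in IDENTITY_HEADERS:
        addrs = {a.lower() for _, a in getaddresses(msg.get_all(name, [])) if a}
        if addrs:
            found[name] = addrs
    return found

def other_senders(raw):
    """Addresses in Sender/Return-Path that differ from the From author."""
    ids = identities(raw)
    author = ids.get("From", set())
    others = set()
    for name in ("Sender", "Return-Path"):
        others |= ids.get(name, set()) - author
    return others

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("on-behalf", ON_BEHALF)):
        print(label, identities(raw), "other senders:", other_senders(raw) or "none")
```

An empty result for the first sample means the headers alone give a recipient nothing to attribute the message to anyone but the From address.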

