That is not uncommon -- we know of one who had the ability to double the amount of spam everyone on the Internet receives, due to the thousands of servers he broke into.I have noticed one particular spammer who tries us regularly always uses a different IP address.
This is uncommon.They must run some kind of trace on our server since as soon as one of our clients has finished sending/receiving mail then he's there with the host name and the dial-in allocated IP address just used by the client.
The first question is "Are you doing anything to try to track down the hacker that has compromised your network, and if not, why not?" A security breach takes priority over spam.
That being said, though, it almost certainly isn't a spammer, and almost certainly isn't compromised computers. In this case, I'd say the most likely answer is that many of your users have viruses. They would very likely fit the pattern you see -- sending the "spam" from the same IP that someone had just sent/received mail from.
I'd say there's about a 1 in 10,000 chance that this really is a spammer or hacker. Spoofing IPs is extremely difficult, and spoofing the IPs of all/many of your clients would be even more difficult.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches both viruses and vulnerabilities in E-mail, with no annual licensing fees.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
