Question : Spam questions in Exchange

Over the weekend a few users got a bunch of fake emails from Amazon, and some other ourdomain.com "team" that has our domain name on it (as if it's coming from the website "team" of our domain). The Amazon email looked very real, and a few employees started freaking out and calling me saying their Amazon account had been compromised.

I am just trying to understand how these spammers get some of our valid email addresses. I went into the Exchange server management console, to message tracking, and looked at one of the Amazon emails... The recipients listed in the message had about 10 emails listed. Four of them were valid emails of employees in our company, and the other 6 emails were way off track and not valid emails (although the @domain.com part was right). How did the real email addresses even get on the list? How do I protect our email accounts better so that these spammers don't know our real email accounts?

Also, in Exchange, the sender just says [email protected]om.  I know that is not the real address, but how do I see what the real sending address is?

Answer : Spam questions in Exchange

Lots going on there. The real address might not even be available, but you can get the real sending server by looking at the headers of the message.
Spammers are looking for valid email addresses. It is called directory harvesting when a spammer sends messages to multiple email addresses and figures out which ones are real by checking your server's response (accepted mail means the account is valid, rejected means the account doesn't exist).
Your best way around spam is of course a spam filter, either on the Exchange box or on your firewall, or a service like Postini.
Regardless of what spam filter you use, spam will get through. Just like viruses, the spammers figure out a new way to get through and it takes time for the spam filters to learn that and start blocking it.

What version of Exchange are you running? 2008 has some spam features built in.
Also, you can prevent spam getting in from your own domain by changing some settings, but to tell you which, I would need to know if any other server can send mail as your domain, like does your web server send a thank-you email for customer sign-ups.
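
As an added example (not part of the original answer), the header check mentioned above can be scripted: the sketch below walks the `Received` headers of a saved message and reports the host and IP that handed it to your own servers, plus whether the visible From domain differs from the Return-Path domain. The message, the host names (`mx1.ourdomain.example`, `mbx1.ourdomain.example`) and the function name `trace_sender` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (example domains, documentation/private IPs).
RAW = """\
Received: from mx1.ourdomain.example (10.0.0.5) by mbx1.ourdomain.example
\t(10.0.0.6) with Microsoft SMTP Server id 0.0; Sat, 1 Jan 2011 10:00:01 -0500
Received: from mail.example.net (203.0.113.45) by mx1.ourdomain.example
\t(10.0.0.5) with Microsoft SMTP Server id 0.0; Sat, 1 Jan 2011 10:00:00 -0500
Received: from amazon.example (localhost [127.0.0.1]) by mail.example.net
\twith SMTP id XYZ; Sat, 1 Jan 2011 09:59:58 -0500
Return-Path: <bounce@mail.example.net>
From: "Amazon" <account-update@amazon.example>
To: alice@ourdomain.example
Subject: Your account

body
"""

HOP = re.compile(r"from\s+(\S+)\s*(.*?)\s+by\s+(\S+)", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def trace_sender(raw, our_hosts):
    """Return the host/IP that handed the message to our own servers."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    env_addr = parseaddr(msg.get("Return-Path", ""))[1]
    out = {"header_from": from_addr, "return_path": env_addr,
           "handoff_host": None, "handoff_ip": None,
           "from_mismatch": from_addr.rpartition("@")[2].lower()
                            != env_addr.rpartition("@")[2].lower()}
    # Received headers are newest first. Only the ones stamped by our own
    # servers are trustworthy; anything below them is sender-supplied.
    for received in msg.get_all("Received", []):
        hop = HOP.match(" ".join(received.split()))
        if not hop or hop.group(3).lower() not in our_hosts:
            break
        ip = IPV4.search(hop.group(2))
        out["handoff_host"] = hop.group(1)
        out["handoff_ip"] = ip.group(0) if ip else None
    return out

if __name__ == "__main__":
    ours = {"mx1.ourdomain.example", "mbx1.ourdomain.example"}
    print(trace_sender(RAW, ours))
```

The hand-off IP is the value to check against blocklists or use in a receive-connector rule; the host name next to it is whatever the sender announced and should not be trusted on its own.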