Hello everyone,
Thanks for getting this reported. This appears to be a spoofed message campaign and is best handled by implementing SPF checks on your server. This will allow your SmarterMail installation to check our SPF record the next time it receives one of these messages, and will then determine the message is spoofed and should not allow it through. We've also restricted our domain's SPF record to help prevent these attacks from getting through.
As to how your email addresses have been obtained, we unfortunately can't say. One option you have is to utilize the available online databases of compromised accounts to determine if your accounts have recently been found to be compromised. Companies are constantly getting compromised these days. In fact, Windows recently released a critical security update, and we'd recommend you verify that was implemented on your servers where SmarterMail is installed. On our end, we are not aware of any security vulnerabilities within SmarterMail itself, and we're not aware of any security breaches of our internal systems. We have a number of security practices in place and a variety of measures to alert us of this possibility. For example, our billing system has a number of accounts that are used as honeypots. Along with our other alerts, we look from time to time to see if these accounts have been compromised and take an overall look at our security. This might be a security measure you take within your own systems as well.
Kind regards,
Andrea Free
SmarterTools Inc.
877-357-6278
www.smartertools.com