Hi Mark,
They are using Exchange 2007 but I cant see Null Sender in the headers. This is a typical example of the headers I see in the Brightmail spam filter.
Received: from 194.73.96.56 by Spam Quarantine mta.bull.co.uk (194.73.96.56) ; Mon Feb 14 13:52:50 GMT 2011
X-auditid: c2496038-b7cdeae00000447d-53-4d5926a91457
Received: from ns1.bull.co.uk (ns1.bull.co.uk [194.73.96.50]) by mta.bull.co.uk (Symantec Mail Security) with SMTP id 34.F0.17533.9A6295D4; Mon, 14 Feb 2011 12:57:14 +0000 (GMT)
X-batvresult: fail
Received: from bmbcsweeper.barnsley.gov.uk (mailhost.barnsley.gov.uk [195.188.250.66]) by ns1.bull.co.uk (8.13.8/8.13.8) with ESMTP id p1ECvDhu001702; Mon, 14 Feb 2011 12:57:13 GMT
Received: from bmbcexchca.bmbcntd.barnsley.gov.uk (unverified) by bmbcsweeper.barnsley.gov.uk (Clearswift SMTPRS 5.4.0) with ESMTP id <T9b30a7c680ac16000c1614@bmbcsweeper.barnsley.gov.uk>; Mon, 14 Feb 2011 12:57:12 +0000
Received: from bmbcexch0.bmbcntd.barnsley.gov.uk ([128.1.5.21]) by bmbcexchca.bmbcntd.barnsley.gov.uk ([128.1.5.85]) with mapi; Mon, 14 Feb 2011 12:57:13 +0000
Thread-topic: test
Thread-index: AcvMRrIY1B9O9r8EQI+y+Pj0RirjQg==
Message-id: <18F7E79873EB57429721F0BCEB98299BF1E217B00D@bmbcexch0.bmbcntd.barnsley.gov.uk>
Accept-language: en-US, en-GB
Content-language: en-US
X-ms-has-attach:
X-ms-tnef-correlator:
Acceptlanguage: en-US, en-GB
Content-type: multipart/alternative; boundary="_000_18F7E79873EB57429721F0BCEB98299BF1E217B00Dbmbcexch0bmbc_"
Mime-version: 1.0
X-auto-response-suppress: DR, RN, NRN, OOF, AutoReply
X-bmi-source: external
X-brightmail-tracker: AAAAAQAAAAQ=
From: "Armitage , Rachel" <Rachel.Armitage@BullTCL.co.uk>
To: TCLManagement <TCLManagement@BullTCL.co.uk>
Date: Monday, Feb 14, 2011 12:57:12 PM GMT
Subject: [BOUNCE ATTACK] test
I have added the sender domain to our Good Senders but the Backscatter test still seems to get applied to them regardless. We may also have set up the backscatter protection incorrectly so if you can spot anything we have done wrong it would be greatly appreciated.
Many thanks.
Best Regards,
Derek