Microsoft’s IIS SMTP service won’t log usernames, even when SMTP-AUTH is enabled and all clients are authenticating. So what happens if someone starts abusing the SMTP service (or perhaps you have a runaway process performing the abuse)?
Well, it takes a little effort, but it is possible to track down the username being used to authenticate to the service. Here’s a post by Jeff Graves of OrcsWeb showing exactly how to find this information: http://jeffgraves.me/2013/01/08/linking-spam-sent-through-shared-iis-smtp-server-to-a-user/