You are an email administrator for a large company. Recently a series of emails were sent from a user's email account that the user claims not to have sent. How should you proceed?