Mesage with no 'Send To' defined ends up in users inbox.

Posted on 2009-02-23
Last Modified: 2013-12-18
I have a client running Domino 7.03 and the latest Symantec Mail Security with Premium Anti-SPAM enabled.  It seems to be working well except for this one thing.

One of the users is now getting messages in his inbox with no subject or recipients.  The body of the email shows a bunch of different RCPT TO: statements as well as a subject line.  I'm wondering if Symantec could be catching the emails, but corrupting them.  This message should be caught as SPAM, and then marked with SPAM in the subject and then delivered. (Notice that the subject in the body of the email does start with SPAM)

When I look at the document properties, there is not 'Sent To' or 'Copy To' defined, I cannot determine how the messages end up in this mans inbox.

Here is a message as it shows up for the user.

Any ideas?
02/20/2009 10:40 AM       To      

Message-ID: <000d01c993c4$ea316ab0$6400a8c0@bobwhitesrog9>
From: "Sybil Torres" <>
To: <>
Subject: Spam:Plan a romantic weekend the way you want it.
Date: Sat, 21 Feb 2009 02:37:10 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Brightmail-Tracker: AAAAAgzSvtgNCQpx

This is a multi-part message in MIME format.

Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable

With that pill you can try different experiments in bed.

Enter fast
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dwindows-125=
<META content=3D"MSHTML 6.00.3790.1830" name=3DGENERATOR>
<BODY bgColor=3D#ffffff>
<DIV align=3Dcenter><FONT face=3DArial size=3D2>With that pill you can try =
different experiments in bed.</FONT></DIV>
<DIV align=3Dcenter><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV align=3Dcenter><FONT face=3DArial size=3D2>
<A href=3D"">Enter fast</A></FONT></DIV></BODY></H=

Question by:ITDharam
    LVL 17

    Expert Comment

    Do you have a rule on Symantec Mail Security to mark suspicious spam messages with the word "SPAM" in the subject?

    Few other thought:
    Junk mail does not have to be properly formatted mail (one of the reason it is called junk).
    The Sendto or CopyTo fields that you are looking for are not responsible to directing mail into users mailbox. These fields are defined in RFC2822 that describes message header
    The message is directed into user mailbox based on rcpt to: command received by your mail server. It is described in RFC 2821. The information from rcpt to: is not recorded in the message. You will need to check mail server logs for that
    LVL 8

    Author Comment

    Yes, Symantec will mark the message as SPAM and then deliver.

    Strange thing is, some of the spam gets tagged and delivered and shows up with the 'Send To' and Subject fields intact, while some of it gets messed up like the above.

    I compared the document information between emails that appear to be correctly labeled, and these strange SPAM ones, I guess I don't know how Domino will take the incoming email, and translate it.  Based on the above, none of the RCPT TO match the address to where it was delivered.
    LVL 17

    Accepted Solution

    Couple thoughts:

    1. You don't know how message looked like when it arrived to your system, before Symantec checked it for spam/viruses. You don't know that the message was correctly formatted to begin with. Junk messages are often misformatted and don't follow RFC rules as they are junk

    2. How did you check RCPT TO information? This information is NOT recorded in the message header or body. Be default, it is also NOT recorded in the log.
    You will need to have debug smtp enabled (see   for more details) to capture this information.

    3. I don't have latest Symantec Mail Security handy (my guess it would be version 6), but from my expirience with previous versions it would be quite possible for Symantec to have problem dealing with misformatted messages.
    LVL 31

    Assisted Solution

    You can also turn on mail tracing to see what Domino saw as delivery instructions.

    Remember, SendTo is not delivery instruction. The client copies SendTo to the Recipients list for delivery instructions. Similarly, inbound SMTP has RCPT TO for delivery instructions, independent of the header displayed to the user. Domino maps the envelope's RCPT TO into RECIPIENTS, and the SMTP message content's To: header into SendTo. As others have mentioned, spammers may put out a RCPT TO for your user without a matching To: for the user.

    Message tracking records the RCPT TO information, so you can see what came in, mapping it against the delivered message.
    LVL 8

    Author Closing Comment

    I guess that why it's called Experts Exchange.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Suggested Solutions

    User Beware!  This is a rather permanent solution to removing your email from an exchange server.  The only way to truly go back is to have your exchange administrator restore your mailbox from backups.  This is usually the option of last resort.  A…
    Email signatures have numerous marketing benefits. Here are 8 top reasons to turn your email signature into a marketing channel.
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now