Each Recipient of Distribution group receives 10 -20 copy of same mail, but subject is appended with “- Found word(s) free guaranteed in the Text body”


We are facing issue with external users (Email account outside our domain ) getting 10 to 20 copies of same mail (content remains same, but email subject is appended with sentence “- Found word(s) free guaranteed in the Text body", and this sentence is getting appended to subject up to 6 times).

We have hundreds of contacts (external users) added to our exchanges, which is added to a distribution group. This is done for sending some announcements to our external contacts.

Infact this is happening only on following:
1) Issue happens only while sending from one account, we have tried sending mail from different email account and there were no issues
2) Only to distribution group, which has all external contacts (we have distribution group for more than 300 internal users, but this issue is not happening for internal users)
3) If we send mail from same email account to individual contact (members of the same distribution group), there is no issue

In addition, this specific sending email account has a rule created, which says to “forward all incoming mails to a distribution group (internal group for our users) of 30 members”

We did a tracking on exchange server, and could see only one mail being send out, however couldn’t see any mail with different or appended subject.

Further, we have made messagelabs (hosted service) SMTP gateway, both incoming & outgoing mails are routed thru messagelabs. Infact while tracking email with messagelabs we could see all the copies of mails (tracking shows even the mail with appended subject). But nothing is shown with appended subject in our exchange tracking.

Now, we have advised users not to send email to this specific external distribution group. But would appreciate if some could help me to find the solution and root cause.

We did raise the issue with messagelabs, but following are their reply

We have investigated the mailing issue and this appears to be a mailing loop, I have run a search on track and trace for mails from the helpdesk@abc.com address for the 16th and can see many entries for mails from this address with the same subject line.

Further investigation on our infrastructure shows that all these mails are separate mails sent individually from the sending mail server, and as such can confirm that the sender’s infrastructure seems to have a mail loop occurring on their infrastructure. We have included some of the SMTP logs for the mails below, as you can see the mail hits different servers and towers each time on MessageLabs, indicating these are separate mails.

Results for Log Search (mail ref: 128194737700000101250770001194008)
SMTP Results - Tower 194, Server 8
2010-08-16 08:29:37.698759500  10125077:  *** session start ***
2010-08-16 08:29:37.699048500  10125077:  Remote IP:
2010-08-16 08:29:37.699057500  10125077:  Message reference: server-8.tower-194.messagelabs.com!1281947377!10125077!1
2010-08-16 08:29:37.699058500  10125077:
2010-08-16 08:29:37.700281500  10125077:  < 220 server-8.tower-194.messagelabs.com ESMTP
2010-08-16 08:29:37.848639500  10125077:  > EHLO frontend01.abc.com
2010-08-16 08:29:37.848662500  10125077:  < 250-server-8.tower-194.messagelabs.com
2010-08-16 08:29:37.848663500  10125077:  250-STARTTLS
2010-08-16 08:29:37.848664500  10125077:  250-PIPELINING
2010-08-16 08:29:37.848664500  10125077:  250 8BITMIME
2010-08-16 08:29:38.000036500  10125077:  > MAIL FROM:<helpdesk@abc.com>
2010-08-16 08:29:38.006646500  10125077:  < 250 OK
2010-08-16 08:29:38.170256500  10125077:  > RCPT TO:<bui@ext_domain1.net>
2010-08-16 08:29:38.170266500  10125077:  < 250 OK
2010-08-16 08:29:38.170267500  10125077:  > RCPT TO:<info@ext_domain2.org>
2010-08-16 08:29:38.170585500  10125077:  < 250 OK
2010-08-16 08:29:38.170594500  10125077:  > RCPT TO:<hlenthe@ext_domain3.com>

Results for Log Search (mail ref: 128194728800000383701080001195003)
SMTP Results - Tower 195, Server 3
2010-08-16 08:28:08.303910500  38370108:  *** session start ***
2010-08-16 08:28:08.304061500  38370108:  Remote IP:
2010-08-16 08:28:08.304082500  38370108:  Message reference: server-3.tower-195.messagelabs.com!1281947288!38370108!1
2010-08-16 08:28:08.304084500  38370108:
2010-08-16 08:28:08.305288500  38370108:  < 220 server-3.tower-195.messagelabs.com ESMTP
2010-08-16 08:28:08.486519500  38370108:  > EHLO frontend01.abc.com
2010-08-16 08:28:08.486537500  38370108:  < 250-server-3.tower-195.messagelabs.com
2010-08-16 08:28:08.486538500  38370108:  250-STARTTLS
2010-08-16 08:28:08.486539500  38370108:  250-PIPELINING
2010-08-16 08:28:08.486540500  38370108:  250 8BITMIME
2010-08-16 08:28:08.654933500  38370108:  > MAIL FROM:<helpdesk@abc.com>
2010-08-16 08:28:08.698722500  38370108:  < 250 OK
2010-08-16 08:28:08.861114500  38370108:  > RCPT TO:<bui@ext_domain1.net>

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

As issue is only with one particular sender, please check the same using OWA and see how it goes.
Is outlook profile being used in cache mode or online mode.
Please create a new outlook online profile and check.

Go to the properties of that user in ADUC and check if by mistake any restrictions set but i dont think there would be any issues with that.

Any other info would be helpful.....

Bruno PACIIT ConsultantCommented:

First of all, as there is no "transport rules" in Exchange 2003 there is no way for Exchange 2003 to change anything in a mail subject.

So don't look in Exchange 2003 to resolve this issue because it's probably another product that modify messages.
Is there any anti-spam or antivirus software between your Exchange server and MessageLabs ? If yes then you should take a look at it, there might exist a rule in this product that modify message subject.

If the Exchange tracking log don't show any trace of these modified messages that means that the modification occurred "outside" Exchange...

Take a look at the SMTP header of one of these modified emails... the SMTP header might show you which server reemits the e-mail and that might give you some hints.

Have a good day
Paul TozerCommented:
Sounds like an issue with the rule creating a mail loop.

It could be one of the recipients bouncing the email back, so the rule sees the email again, and resends to the recipients again.

What are you trying to acheive. Is it you send to a mailbox, which then forwards all emails to the distribution list.

Using rules can create loops easily.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TJOSYAuthor Commented:
@ alwayzexchange: & @mpcmanaged:  if its is the case with a specific sender, it shold be loged in the exchange track. however i could not find anything other than the initial mail.
TJOSYAuthor Commented:
looop issue
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.