Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Each Recipient of Distribution group receives 10 -20 copy of same mail, but subject is appended with “- Found word(s) free guaranteed in the Text body”

Posted on 2010-08-19
Medium Priority
Last Modified: 2012-05-10

We are facing issue with external users (Email account outside our domain ) getting 10 to 20 copies of same mail (content remains same, but email subject is appended with sentence “- Found word(s) free guaranteed in the Text body", and this sentence is getting appended to subject up to 6 times).

We have hundreds of contacts (external users) added to our exchanges, which is added to a distribution group. This is done for sending some announcements to our external contacts.

Infact this is happening only on following:
1) Issue happens only while sending from one account, we have tried sending mail from different email account and there were no issues
2) Only to distribution group, which has all external contacts (we have distribution group for more than 300 internal users, but this issue is not happening for internal users)
3) If we send mail from same email account to individual contact (members of the same distribution group), there is no issue

In addition, this specific sending email account has a rule created, which says to “forward all incoming mails to a distribution group (internal group for our users) of 30 members”

We did a tracking on exchange server, and could see only one mail being send out, however couldn’t see any mail with different or appended subject.

Further, we have made messagelabs (hosted service) SMTP gateway, both incoming & outgoing mails are routed thru messagelabs. Infact while tracking email with messagelabs we could see all the copies of mails (tracking shows even the mail with appended subject). But nothing is shown with appended subject in our exchange tracking.

Now, we have advised users not to send email to this specific external distribution group. But would appreciate if some could help me to find the solution and root cause.

We did raise the issue with messagelabs, but following are their reply

We have investigated the mailing issue and this appears to be a mailing loop, I have run a search on track and trace for mails from the address for the 16th and can see many entries for mails from this address with the same subject line.

Further investigation on our infrastructure shows that all these mails are separate mails sent individually from the sending mail server, and as such can confirm that the sender’s infrastructure seems to have a mail loop occurring on their infrastructure. We have included some of the SMTP logs for the mails below, as you can see the mail hits different servers and towers each time on MessageLabs, indicating these are separate mails.

Results for Log Search (mail ref: 128194737700000101250770001194008)
SMTP Results - Tower 194, Server 8
2010-08-16 08:29:37.698759500  10125077:  *** session start ***
2010-08-16 08:29:37.699048500  10125077:  Remote IP:
2010-08-16 08:29:37.699057500  10125077:  Message reference:!1281947377!10125077!1
2010-08-16 08:29:37.699058500  10125077:
2010-08-16 08:29:37.700281500  10125077:  < 220 ESMTP
2010-08-16 08:29:37.848639500  10125077:  > EHLO
2010-08-16 08:29:37.848662500  10125077:  <
2010-08-16 08:29:37.848663500  10125077:  250-STARTTLS
2010-08-16 08:29:37.848664500  10125077:  250-PIPELINING
2010-08-16 08:29:37.848664500  10125077:  250 8BITMIME
2010-08-16 08:29:38.000036500  10125077:  > MAIL FROM:<>
2010-08-16 08:29:38.006646500  10125077:  < 250 OK
2010-08-16 08:29:38.170256500  10125077:  > RCPT TO:<>
2010-08-16 08:29:38.170266500  10125077:  < 250 OK
2010-08-16 08:29:38.170267500  10125077:  > RCPT TO:<>
2010-08-16 08:29:38.170585500  10125077:  < 250 OK
2010-08-16 08:29:38.170594500  10125077:  > RCPT TO:<>

Results for Log Search (mail ref: 128194728800000383701080001195003)
SMTP Results - Tower 195, Server 3
2010-08-16 08:28:08.303910500  38370108:  *** session start ***
2010-08-16 08:28:08.304061500  38370108:  Remote IP:
2010-08-16 08:28:08.304082500  38370108:  Message reference:!1281947288!38370108!1
2010-08-16 08:28:08.304084500  38370108:
2010-08-16 08:28:08.305288500  38370108:  < 220 ESMTP
2010-08-16 08:28:08.486519500  38370108:  > EHLO
2010-08-16 08:28:08.486537500  38370108:  <
2010-08-16 08:28:08.486538500  38370108:  250-STARTTLS
2010-08-16 08:28:08.486539500  38370108:  250-PIPELINING
2010-08-16 08:28:08.486540500  38370108:  250 8BITMIME
2010-08-16 08:28:08.654933500  38370108:  > MAIL FROM:<>
2010-08-16 08:28:08.698722500  38370108:  < 250 OK
2010-08-16 08:28:08.861114500  38370108:  > RCPT TO:<>

Question by:TJOSY
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 33472971
As issue is only with one particular sender, please check the same using OWA and see how it goes.
Is outlook profile being used in cache mode or online mode.
Please create a new outlook online profile and check.

Go to the properties of that user in ADUC and check if by mistake any restrictions set but i dont think there would be any issues with that.

Any other info would be helpful.....

LVL 16

Expert Comment

by:Bruno PACI
ID: 33473187

First of all, as there is no "transport rules" in Exchange 2003 there is no way for Exchange 2003 to change anything in a mail subject.

So don't look in Exchange 2003 to resolve this issue because it's probably another product that modify messages.
Is there any anti-spam or antivirus software between your Exchange server and MessageLabs ? If yes then you should take a look at it, there might exist a rule in this product that modify message subject.

If the Exchange tracking log don't show any trace of these modified messages that means that the modification occurred "outside" Exchange...

Take a look at the SMTP header of one of these modified emails... the SMTP header might show you which server reemits the e-mail and that might give you some hints.

Have a good day

Accepted Solution

Paul Tozer earned 1000 total points
ID: 33473277
Sounds like an issue with the rule creating a mail loop.

It could be one of the recipients bouncing the email back, so the rule sees the email again, and resends to the recipients again.

What are you trying to acheive. Is it you send to a mailbox, which then forwards all emails to the distribution list.

Using rules can create loops easily.

Author Comment

ID: 33484818
@ alwayzexchange: & @mpcmanaged:  if its is the case with a specific sender, it shold be loged in the exchange track. however i could not find anything other than the initial mail.

Author Closing Comment

ID: 34421788
looop issue

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question