Go Premium for a chance to win a PS4. Enter to Win


Each Recipient of Distribution group receives 10 -20 copy of same mail, but subject is appended with “- Found word(s) free guaranteed in the Text body”

Posted on 2010-08-19
Medium Priority
Last Modified: 2012-05-10

We are facing issue with external users (Email account outside our domain ) getting 10 to 20 copies of same mail (content remains same, but email subject is appended with sentence “- Found word(s) free guaranteed in the Text body", and this sentence is getting appended to subject up to 6 times).

We have hundreds of contacts (external users) added to our exchanges, which is added to a distribution group. This is done for sending some announcements to our external contacts.

Infact this is happening only on following:
1) Issue happens only while sending from one account, we have tried sending mail from different email account and there were no issues
2) Only to distribution group, which has all external contacts (we have distribution group for more than 300 internal users, but this issue is not happening for internal users)
3) If we send mail from same email account to individual contact (members of the same distribution group), there is no issue

In addition, this specific sending email account has a rule created, which says to “forward all incoming mails to a distribution group (internal group for our users) of 30 members”

We did a tracking on exchange server, and could see only one mail being send out, however couldn’t see any mail with different or appended subject.

Further, we have made messagelabs (hosted service) SMTP gateway, both incoming & outgoing mails are routed thru messagelabs. Infact while tracking email with messagelabs we could see all the copies of mails (tracking shows even the mail with appended subject). But nothing is shown with appended subject in our exchange tracking.

Now, we have advised users not to send email to this specific external distribution group. But would appreciate if some could help me to find the solution and root cause.

We did raise the issue with messagelabs, but following are their reply

We have investigated the mailing issue and this appears to be a mailing loop, I have run a search on track and trace for mails from the helpdesk@abc.com address for the 16th and can see many entries for mails from this address with the same subject line.

Further investigation on our infrastructure shows that all these mails are separate mails sent individually from the sending mail server, and as such can confirm that the sender’s infrastructure seems to have a mail loop occurring on their infrastructure. We have included some of the SMTP logs for the mails below, as you can see the mail hits different servers and towers each time on MessageLabs, indicating these are separate mails.

Results for Log Search (mail ref: 128194737700000101250770001194008)
SMTP Results - Tower 194, Server 8
2010-08-16 08:29:37.698759500  10125077:  *** session start ***
2010-08-16 08:29:37.699048500  10125077:  Remote IP:
2010-08-16 08:29:37.699057500  10125077:  Message reference: server-8.tower-194.messagelabs.com!1281947377!10125077!1
2010-08-16 08:29:37.699058500  10125077:
2010-08-16 08:29:37.700281500  10125077:  < 220 server-8.tower-194.messagelabs.com ESMTP
2010-08-16 08:29:37.848639500  10125077:  > EHLO frontend01.abc.com
2010-08-16 08:29:37.848662500  10125077:  < 250-server-8.tower-194.messagelabs.com
2010-08-16 08:29:37.848663500  10125077:  250-STARTTLS
2010-08-16 08:29:37.848664500  10125077:  250-PIPELINING
2010-08-16 08:29:37.848664500  10125077:  250 8BITMIME
2010-08-16 08:29:38.000036500  10125077:  > MAIL FROM:<helpdesk@abc.com>
2010-08-16 08:29:38.006646500  10125077:  < 250 OK
2010-08-16 08:29:38.170256500  10125077:  > RCPT TO:<bui@ext_domain1.net>
2010-08-16 08:29:38.170266500  10125077:  < 250 OK
2010-08-16 08:29:38.170267500  10125077:  > RCPT TO:<info@ext_domain2.org>
2010-08-16 08:29:38.170585500  10125077:  < 250 OK
2010-08-16 08:29:38.170594500  10125077:  > RCPT TO:<hlenthe@ext_domain3.com>

Results for Log Search (mail ref: 128194728800000383701080001195003)
SMTP Results - Tower 195, Server 3
2010-08-16 08:28:08.303910500  38370108:  *** session start ***
2010-08-16 08:28:08.304061500  38370108:  Remote IP:
2010-08-16 08:28:08.304082500  38370108:  Message reference: server-3.tower-195.messagelabs.com!1281947288!38370108!1
2010-08-16 08:28:08.304084500  38370108:
2010-08-16 08:28:08.305288500  38370108:  < 220 server-3.tower-195.messagelabs.com ESMTP
2010-08-16 08:28:08.486519500  38370108:  > EHLO frontend01.abc.com
2010-08-16 08:28:08.486537500  38370108:  < 250-server-3.tower-195.messagelabs.com
2010-08-16 08:28:08.486538500  38370108:  250-STARTTLS
2010-08-16 08:28:08.486539500  38370108:  250-PIPELINING
2010-08-16 08:28:08.486540500  38370108:  250 8BITMIME
2010-08-16 08:28:08.654933500  38370108:  > MAIL FROM:<helpdesk@abc.com>
2010-08-16 08:28:08.698722500  38370108:  < 250 OK
2010-08-16 08:28:08.861114500  38370108:  > RCPT TO:<bui@ext_domain1.net>

Question by:TJOSY

Expert Comment

ID: 33472971
As issue is only with one particular sender, please check the same using OWA and see how it goes.
Is outlook profile being used in cache mode or online mode.
Please create a new outlook online profile and check.

Go to the properties of that user in ADUC and check if by mistake any restrictions set but i dont think there would be any issues with that.

Any other info would be helpful.....

LVL 16

Expert Comment

by:Bruno PACI
ID: 33473187

First of all, as there is no "transport rules" in Exchange 2003 there is no way for Exchange 2003 to change anything in a mail subject.

So don't look in Exchange 2003 to resolve this issue because it's probably another product that modify messages.
Is there any anti-spam or antivirus software between your Exchange server and MessageLabs ? If yes then you should take a look at it, there might exist a rule in this product that modify message subject.

If the Exchange tracking log don't show any trace of these modified messages that means that the modification occurred "outside" Exchange...

Take a look at the SMTP header of one of these modified emails... the SMTP header might show you which server reemits the e-mail and that might give you some hints.

Have a good day

Accepted Solution

Paul Tozer earned 1000 total points
ID: 33473277
Sounds like an issue with the rule creating a mail loop.

It could be one of the recipients bouncing the email back, so the rule sees the email again, and resends to the recipients again.

What are you trying to acheive. Is it you send to a mailbox, which then forwards all emails to the distribution list.

Using rules can create loops easily.

Author Comment

ID: 33484818
@ alwayzexchange: & @mpcmanaged:  if its is the case with a specific sender, it shold be loged in the exchange track. however i could not find anything other than the initial mail.

Author Closing Comment

ID: 34421788
looop issue

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question