Solved

Email header information in message body?!?

Posted on 2010-08-25
11
2,248 Views
Last Modified: 2013-11-30
For some reason, we are getting email from one domain that appears to have all of the header information embedded into the message body.  I've never seen anything like it before, and cannot figure out why it's doing this.  We have Exhange 2003 on a 2003 server (both all service packed) and use Outlook 2003/2007 as our email client (I'm still waiting to hear back from the other involved party to see what email server & email client they're running..).  And this is the only client that we have any issues with.  Below is one of the emails for reference, where you can see that the first half of the email is the header gibberish...  Any help as to why it's doing this and what we need to do to clear it up would be greatly appreciated.  Thanks.

Regards,

Ric J.
ojO+D6w2T6SUaVE6gA4AoX3A=3D=3D|From:=20"Sender,=20Name

 "=20<sendername@domain.com>|To:=20<receivernam@domain.com>|X-OriginalArrivalTime:=2024=20Aug=202010=2016:49:4

 4.0923=20(UTC)=20FILETIME=3D[5AEEDAB0:01CB43AC]

 |X-filenames:=20None;

 bh=uRB0Rax1W32xDuPPJeHfmg1+RlLUTLuh3BZsGHLDMto=;

 b=cYgSQBxlcmSRfYRTk2mUmOQwJSm7nHE4bZzPYnN0JLqZvAcr9yYuVHge

 DLUZE93FwEc/WQIEbPe9T+fr4qt/tTPxZbL8UUmZp/56rIELluXeLQSFR

 pguMznPcsrEZGcrHImPRXP0bPLw/KBfXoD5OE5KDRzGk5cWYHSSY0gNYY

 U=;

X-filenames: None

X-TM-IMSS-Message-ID: <0cc492e200033c11@msgdaliv02vwin.domain.com>

X-MimeOLE: Produced By Microsoft Exchange V6.0.6619.12

content-class: urn:content-classes:message

MIME-Version: 1.0

Content-Type: text/plain;

 charset="us-ascii"

Content-Transfer-Encoding: quoted-printable

Subject: Company Emails

Date: Tue, 24 Aug 2010 12:49:44 -0400

X-MS-Has-Attach: 

X-MS-TNEF-Correlator: 

Thread-Topic: Company Emails

Thread-Index: ActDrFojO+D6w2T6SUaVE6gA4AoX3A==

Return-Path: sendername@domain.com

X-OriginalArrivalTime: 24 Aug 2010 16:49:44.0923 (UTC) FILETIME=[5AEEDAB0:01CB43AC]

X-Spamicity: Unsure, spamicity=0.473292



Mr. J-



My name is XXX and I work with Cheryl's technical support team. She mentioned that you were having some issues receiving emails from her and asked if we'd help troubleshoot the issue. Can you receive emails from Cheryl when they do not contain attachments?=20



If you would like to reach me directly via phone, I am available at 123-123-4567.=20



Thanks,=20

Sender Name



VSO Support Team

100 Any Street

Smithfield, RI

Open in new window

0
Comment
Question by:ricjenkins
11 Comments
 
LVL 15

Expert Comment

by:roylong
ID: 33520786
This will most definitely be a setting on the senders end.

Does it occur from all addresses at this company of just a single user?

If it's all then their system may be set up to send this on one of their mail gateways.

If it's one, then it could be the client has set some debug information to show.
0
 
LVL 27

Expert Comment

by:shauncroucher
ID: 33520922
Take a look at the internet headers for this email, it may be that what you are seeing is actually body text that just looks like the headers.

There may be additional (real) headers you are not seeing.

Shaun
0
 

Author Comment

by:ricjenkins
ID: 33520988
Well, I'm not sure (nor is the sender) where the incoding gibberish/header information in the body text is coming from, but I'm being told that the only part of the email that they actually typed in was the part that you would think was the email message body:
----------
Mr. J-

My name is XXX and I work with Cheryl's technical support team. She mentioned that you were having some issues receiving emails from her and asked if we'd help troubleshoot the issue. Can you receive emails from Cheryl when they do not contain attachments?=20

If you would like to reach me directly via phone, I am available at 123-123-4567.=20

Thanks,=20
Sender Name
VSO Support Team
100 Any Street
Smithfield, RI
----------

All of the extra stuff is being put in the email message body by some setting or something.  And that's what we're trying to figure out...
0
 
LVL 15

Expert Comment

by:roylong
ID: 33521086
So is it just one person?  Have someone else from the company send you something.
0
 

Author Comment

by:ricjenkins
ID: 33521174
No, it appears to be anyone from the company.  The email I posted for this question was from one of the company's tech support people, and it had the same issue as the original person with whom we noticed the issue.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 15

Expert Comment

by:roylong
ID: 33521281
Then they need to look at possible mail server configuration which they have set - possibly someone was debugging something and turned this on to show headers in the mail...

do you have a mail trace to see what servers are on the path to you?  I'm not an exchange admin but I would start with their exchange configuration...
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33521617
I suspect the sender is using Trendmicro hosted Message Scanning Service.

X-TM-IMSS-Message-ID: <0cc492e200033c11@msgdaliv02vwin.domain.com>

Can you ask the sender to check with Trendmicro about this issue.
0
 
LVL 9

Expert Comment

by:Barry Gill
ID: 33522019
I have seen this with Trend on more than one occaision. Make sure they are running the latest version.
What is happening is that the trend server is inserting a blank line in the headers before your first line above.
As per the RFC's (822 and 2822) this indicates the end of the headers and the beginning of the body and as such it will then MIME encode (as plain text because there is no specifier) the body part and Exchange will report to Outlook the headers and body seperately.
This is why the headers look like they are in the body (some of them are) and the body and attachments are always shown as plain text.
This is rare and painful to resolve and is ALMOST always the fault of the sender, though in some cases the recipient may have a mail gateway that checks the body and breaks things. Usually though it is across more than one sending domain. Also happens more frequently with forwarded messages than anything else for some reason.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 33522408
I have seen this before, due to virus scanners and/or "disclaimer" adding servers.

what has actually happened is that a blank line has been placed in the header by some package after it left the original mailserver; if you access the mail via imap using (say) outlook express, then look at the message source, you will see the blank line.

as a final test (assuming OE ;) drag onto the desktop, and open in notepad. note the blank line, and then either delete it or type in "x-test: true" or something similar - doesn't matter what you type really, as long as it starts x- and has a colon in it :)

this is caused by support for rfc compliant mail; before mime existed, the first break it found in the headers was deemed to indicate the end of the headers and the start of the body text. once mime was introduced, the key line "MIME-Version: 1.0" indicates to the mail client "this is a mime record, look for mime headers and ignore emply lines". so... provided an empty line comes *after* that key line, the system will ignore it.

it would appear that something is being added and is spilling over into a second line (empty) - looking at the raw message will show you what that is, and hence where to look to fix it :)
0
 

Accepted Solution

by:
ricjenkins earned 0 total points
ID: 34319558
I never really was able tofind out what the issue was here, due to the sender not being much help, but I haven't heard any more complaints on the subject either, so I can only assume that they fixed something that was wrong on their end.
0
 

Author Closing Comment

by:ricjenkins
ID: 34358760
No true resolution as to WHY this was happening was ever really found. The problem just kind of went away...
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now