e-mail messages from some senders lose MIME formatting

Several months ago we started getting some e-mail messages where the MIME fomat was lost so that the message content showed the MIME header and all of the tags and coding, with the message hard to find and read.  Also there would be nothing shown in the FROM: TO: and SUBJECT: fields in the mail client (Outlook 2007).  We are running Exchange 2007 SP3, with a Deep6 spam appliance, the Exchange Content Filter and TrendMicro anti-spam mail filter.  The Deep6 appliance only passes or rejects messages based upon a score derived from dns and blacklists.  As far as I know, the Exchange content filter only passes or dumps into a spam mailbox messages based upon it's scoring criteria.  And the TrendMicro just removed the offending attachment, replacing it with a text notice.  As far as I know, none of these systems should modify messages.
Sometimes the content is no longer in the message and instead we get something like the message below (the upper part above the block of apparently random characters is what all of the problem e-mails look like).
Sent: February 06, 2013 4:08 PM

Received: from pat1.int.us.randstad.com ([]) by
 pat1.us.randstad.com with Microsoft SMTPSVC(7.5.7600.16601);       Wed, 6 Feb 2013
 16:08:07 -0500
Received: from MERCURY.rna.int.us.randstad.com ([fe80::5efe:])  by Mercury.rna.int.us.randstad.com ([fe80::5efe:]) with  Microsoft SMTP Server id 14.02.0318.001; Wed, 6 Feb 2013 16:08:05 -0500
From: Sunnie Rice <Sunnie.Rice@randstadusa.com>
To: Greg Radikopf <greg@rootorg.com>
Subject: Automatic reply: Executive Assistant/Secretary Position
Thread-Topic: Executive Assistant/Secretary Position
Thread-Index: Ac4ErgN/mCYxPAE8RkW1pIP9L3ZotAAAAr7w
Date: Wed, 6 Feb 2013 21:08:05 +0000
Message-ID: <27c172e26ca94a49b80a3dcd1721547d@MERCURY.rna.int.us.randstad.com>
References: <4BC5F83267380F48A558F84C9A9F250F4FC2892F5F@bay.rep.rootorg.net>
In-Reply-To: <4BC5F83267380F48A558F84C9A9F250F4FC2892F5F@bay.rep.rootorg.net>
X-Auto-Response-Suppress: All
X-MS-Exchange-Inbox-Rules-Loop: Sunnie.Rice@randstadusa.com
x-tm-as-product-ver: SMEX-
x-tm-as-result: No--35.469100-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Return-Path: <>
X-OriginalArrivalTime: 06 Feb 2013 21:08:07.0778 (UTC) FILETIME=[0FE48C20:01CE04AE]
X-MS-Exchange-Organization-OriginalArrivalTime: 06 Feb 2013 21:08:21.2093
X-MS-Exchange-Organization-AuthSource: bay.rep.rootorg.net
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-PRD: randstadusa.com
X-MS-Exchange-Organization-SenderIdResult: None
Received-SPF: None (bay.rep.rootorg.net: Sunnie.Rice@randstadusa.com does  not designate permitted sender hosts)
X-MS-Exchange-Organization-SCL: 0
X-MS-Exchange-Organization-PCL: 2
 DV:3.3.5705.600;SID:SenderIDStatus None;OrigIP:
X-MS-Exchange-Organization-OriginalSize: 2056

We did not change anything on any of our systems when this started happening, and although most e-mail comes in looking normal, the incidence of the above seems to be increasing.
I have found that one large company that send through Postini, almost all of the mail we get from one office has the problem, but all of the mail from another location of theirs (also through Postini) is fine.  They say it is not their problem and they did not change anything either.
Any ideas would be appreciated.  The only instances I have been able to find with this happening was web developers creating applications to send mail.
Who is Participating?

Improve company productivity with a Business Account.Sign Up

PaulRConnect With a Mentor Author Commented:
Oops.  I thought I had posted the solution, but I see that I have not.

This issue was resolved by upgrading the TrendMicro Scan Mail for Exchange from version 8 to v 10.2 SP2 (which had to be done by uninstalling the old version and installing the new).

I can only surmise that there are some new mail formatting 'standards' that are now being used that the old ScanMail did not understand.
Dave BaldwinFixer of ProblemsCommented:
Forwarding thru different email clients has been known to cause this.  The MIME boundaries get corrupted and the code that said that section was base64 encoded has been lost.

Or it should have a line that says: Content-Transfer-Encoding: base64  Your example does have that so I'm not sure what's going on.  Those characters would normally be converted into readable text.

If you can get an email direct to another account that does not go thru Postini, you can look at the original source to see if there is anything different.
PaulRAuthor Commented:
The problem is that I am being asked to fix this problem, that from what I can tell, is being caused by the senders.  I have not control over the senders, so how am I supposed to fix this? If there is something on our system I can do, I would sure like to know what it is.
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Dave BaldwinFixer of ProblemsCommented:
Well, you first have to find out what is wrong.  And the only way to tell that is to get the original source for the messages so you can tell what is being changed.  The chances are that the original email is in at least an acceptable format or the sender would be fixing their own problems.  And you should know that no two email clients do everything the same way.  You can't even count on two different versions being exactly the same.  Email after all these years is still a mess.

Truth is that almost everything that handles your mail messages can change it.  Anti-virus programs for example create a proxy on your computer and frequently attach a 'signature' to show that the email has been scanned.  Several programs along the way have screwed it up so bad you couldn't read the email message.  That was mostly because they got the MIME boundaries wrong.  Also, forwarded emails that go thru multiple email clients often have gotten munged up, often because they did something wrong with the MIME boundaries.
David Johnson, CD, MVPOwnerCommented:
if you reply to the sender and have them send the message again as the original was corrupted do you get another corrupted message or does it come through properly?

Since you receive a majority of messages without a problem I'd tend to believe that the problem is not at your end, which means there is not a great deal you can do to fix it.
Dave BaldwinFixer of ProblemsCommented:
That may be true but since he has been given the job of fixing it, he at least needs to gather the facts that show where the problem is.
PaulRAuthor Commented:
The problem seems to be ALMOST consistently related to who\where the sender is.  When we first started seeing this, it was people sending mail from Blackberries and this one company that we do a lot on business with.  Almost every mail from any person at that company.  But then we get one the other day from someone who we have previously (recently) received bad formatted messages that looked fine.  Also, at first I thought it had to do with messages that had many replies back and forth, but original messages from the same senders also had the problem.
So to answer ve3ofa's question.  Yes, almost always if we have problems from any particular sender, it is all (or nearly all) mail from that sender.
PaulRAuthor Commented:
Possible new clue.
Now another of our users have begun receiving these problem messages.  The latest one might have a clue to shed some light on the issue. The content portion comes in as:

Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

... lots of this hex ...


Does this shed any light for anyone?
David Johnson, CD, MVPOwnerCommented:
you may want to try UUD32Win: http://my.execpc.com/~mspankus/ or uudeview: http://www.miken.com/uud/ and see if they  can decode these messages
Dave BaldwinFixer of ProblemsCommented:
The two line beginning with '--Apple-Mail' are the starting and ending MIME boundaries for that section which is 'base64' encoded.  That also tells you that that section was created by the Apple Mac Mail program and that it was supposed to be an HTML section after decoding.  

If you are seeing that in the clear, then the MIME boundaries that were supposed make that work properly got broken, probably when it was forwarded.
PaulRAuthor Commented:
Thank you ve3ofa, for the http://www.miken.com/uud/ link.  I had tried some online decoders, but all they did was report that the base-64 string was not valid or the header was malformed.  The uudeview utility was able to extract some of the message, and also showed that the message was a reply to an e-mail that our user sent from his iPhone (through Exchange) that was also probably a reply to a e-mail he received.

So I now have more information, but still no solution.
Dave BaldwinFixer of ProblemsCommented:
If one of the replies or forwards breaks the formatting and MIME boundaries, there won't be a solution.  I used to get broken emails like that fairly often.
PaulRAuthor Commented:
Friday I applied the latest update rollups to Exchange 2007 SP3 on the slight chance that it might have helped.  It did not.
Dave BaldwinFixer of ProblemsCommented:
Actually, there have been quite a few versions of anti-virus products that broke email formatting over the years when they put their own block in the body of the email.
PaulRAuthor Commented:
This completely resolved the issue.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.