Go Premium for a chance to win a PS4. Enter to Win


e-mail messages from some senders lose MIME formatting

Posted on 2013-02-06
Medium Priority
Last Modified: 2013-08-25
Several months ago we started getting some e-mail messages where the MIME fomat was lost so that the message content showed the MIME header and all of the tags and coding, with the message hard to find and read.  Also there would be nothing shown in the FROM: TO: and SUBJECT: fields in the mail client (Outlook 2007).  We are running Exchange 2007 SP3, with a Deep6 spam appliance, the Exchange Content Filter and TrendMicro anti-spam mail filter.  The Deep6 appliance only passes or rejects messages based upon a score derived from dns and blacklists.  As far as I know, the Exchange content filter only passes or dumps into a spam mailbox messages based upon it's scoring criteria.  And the TrendMicro just removed the offending attachment, replacing it with a text notice.  As far as I know, none of these systems should modify messages.
Sometimes the content is no longer in the message and instead we get something like the message below (the upper part above the block of apparently random characters is what all of the problem e-mails look like).
Sent: February 06, 2013 4:08 PM

Received: from pat1.int.us.randstad.com ([]) by
 pat1.us.randstad.com with Microsoft SMTPSVC(7.5.7600.16601);       Wed, 6 Feb 2013
 16:08:07 -0500
Received: from MERCURY.rna.int.us.randstad.com ([fe80::5efe:])  by Mercury.rna.int.us.randstad.com ([fe80::5efe:]) with  Microsoft SMTP Server id 14.02.0318.001; Wed, 6 Feb 2013 16:08:05 -0500
From: Sunnie Rice <Sunnie.Rice@randstadusa.com>
To: Greg Radikopf <greg@rootorg.com>
Subject: Automatic reply: Executive Assistant/Secretary Position
Thread-Topic: Executive Assistant/Secretary Position
Thread-Index: Ac4ErgN/mCYxPAE8RkW1pIP9L3ZotAAAAr7w
Date: Wed, 6 Feb 2013 21:08:05 +0000
Message-ID: <27c172e26ca94a49b80a3dcd1721547d@MERCURY.rna.int.us.randstad.com>
References: <4BC5F83267380F48A558F84C9A9F250F4FC2892F5F@bay.rep.rootorg.net>
In-Reply-To: <4BC5F83267380F48A558F84C9A9F250F4FC2892F5F@bay.rep.rootorg.net>
X-Auto-Response-Suppress: All
X-MS-Exchange-Inbox-Rules-Loop: Sunnie.Rice@randstadusa.com
x-tm-as-product-ver: SMEX-
x-tm-as-result: No--35.469100-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Return-Path: <>
X-OriginalArrivalTime: 06 Feb 2013 21:08:07.0778 (UTC) FILETIME=[0FE48C20:01CE04AE]
X-MS-Exchange-Organization-OriginalArrivalTime: 06 Feb 2013 21:08:21.2093
X-MS-Exchange-Organization-AuthSource: bay.rep.rootorg.net
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-PRD: randstadusa.com
X-MS-Exchange-Organization-SenderIdResult: None
Received-SPF: None (bay.rep.rootorg.net: Sunnie.Rice@randstadusa.com does  not designate permitted sender hosts)
X-MS-Exchange-Organization-SCL: 0
X-MS-Exchange-Organization-PCL: 2
 DV:3.3.5705.600;SID:SenderIDStatus None;OrigIP:
X-MS-Exchange-Organization-OriginalSize: 2056

We did not change anything on any of our systems when this started happening, and although most e-mail comes in looking normal, the incidence of the above seems to be increasing.
I have found that one large company that send through Postini, almost all of the mail we get from one office has the problem, but all of the mail from another location of theirs (also through Postini) is fine.  They say it is not their problem and they did not change anything either.
Any ideas would be appreciated.  The only instances I have been able to find with this happening was web developers creating applications to send mail.
Question by:PaulR
  • 7
  • 6
  • 2
LVL 84

Expert Comment

by:Dave Baldwin
ID: 38861856
Forwarding thru different email clients has been known to cause this.  The MIME boundaries get corrupted and the code that said that section was base64 encoded has been lost.

Or it should have a line that says: Content-Transfer-Encoding: base64  Your example does have that so I'm not sure what's going on.  Those characters would normally be converted into readable text.

If you can get an email direct to another account that does not go thru Postini, you can look at the original source to see if there is anything different.

Author Comment

ID: 38861869
The problem is that I am being asked to fix this problem, that from what I can tell, is being caused by the senders.  I have not control over the senders, so how am I supposed to fix this? If there is something on our system I can do, I would sure like to know what it is.
LVL 84

Expert Comment

by:Dave Baldwin
ID: 38862107
Well, you first have to find out what is wrong.  And the only way to tell that is to get the original source for the messages so you can tell what is being changed.  The chances are that the original email is in at least an acceptable format or the sender would be fixing their own problems.  And you should know that no two email clients do everything the same way.  You can't even count on two different versions being exactly the same.  Email after all these years is still a mess.

Truth is that almost everything that handles your mail messages can change it.  Anti-virus programs for example create a proxy on your computer and frequently attach a 'signature' to show that the email has been scanned.  Several programs along the way have screwed it up so bad you couldn't read the email message.  That was mostly because they got the MIME boundaries wrong.  Also, forwarded emails that go thru multiple email clients often have gotten munged up, often because they did something wrong with the MIME boundaries.

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 38863022
if you reply to the sender and have them send the message again as the original was corrupted do you get another corrupted message or does it come through properly?

Since you receive a majority of messages without a problem I'd tend to believe that the problem is not at your end, which means there is not a great deal you can do to fix it.
LVL 84

Expert Comment

by:Dave Baldwin
ID: 38863051
That may be true but since he has been given the job of fixing it, he at least needs to gather the facts that show where the problem is.

Author Comment

ID: 38863952
The problem seems to be ALMOST consistently related to who\where the sender is.  When we first started seeing this, it was people sending mail from Blackberries and this one company that we do a lot on business with.  Almost every mail from any person at that company.  But then we get one the other day from someone who we have previously (recently) received bad formatted messages that looked fine.  Also, at first I thought it had to do with messages that had many replies back and forth, but original messages from the same senders also had the problem.
So to answer ve3ofa's question.  Yes, almost always if we have problems from any particular sender, it is all (or nearly all) mail from that sender.

Author Comment

ID: 38979044
Possible new clue.
Now another of our users have begun receiving these problem messages.  The latest one might have a clue to shed some light on the issue. The content portion comes in as:

Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

... lots of this hex ...


Does this shed any light for anyone?
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 38979080
you may want to try UUD32Win: http://my.execpc.com/~mspankus/ or uudeview: http://www.miken.com/uud/ and see if they  can decode these messages
LVL 84

Expert Comment

by:Dave Baldwin
ID: 38980150
The two line beginning with '--Apple-Mail' are the starting and ending MIME boundaries for that section which is 'base64' encoded.  That also tells you that that section was created by the Apple Mac Mail program and that it was supposed to be an HTML section after decoding.  

If you are seeing that in the clear, then the MIME boundaries that were supposed make that work properly got broken, probably when it was forwarded.

Author Comment

ID: 38981674
Thank you ve3ofa, for the http://www.miken.com/uud/ link.  I had tried some online decoders, but all they did was report that the base-64 string was not valid or the header was malformed.  The uudeview utility was able to extract some of the message, and also showed that the message was a reply to an e-mail that our user sent from his iPhone (through Exchange) that was also probably a reply to a e-mail he received.

So I now have more information, but still no solution.
LVL 84

Expert Comment

by:Dave Baldwin
ID: 38982197
If one of the replies or forwards breaks the formatting and MIME boundaries, there won't be a solution.  I used to get broken emails like that fairly often.

Author Comment

ID: 38995590
Friday I applied the latest update rollups to Exchange 2007 SP3 on the slight chance that it might have helped.  It did not.

Accepted Solution

PaulR earned 0 total points
ID: 39423563
Oops.  I thought I had posted the solution, but I see that I have not.

This issue was resolved by upgrading the TrendMicro Scan Mail for Exchange from version 8 to v 10.2 SP2 (which had to be done by uninstalling the old version and installing the new).

I can only surmise that there are some new mail formatting 'standards' that are now being used that the old ScanMail did not understand.
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39424162
Actually, there have been quite a few versions of anti-virus products that broke email formatting over the years when they put their own block in the body of the email.

Author Closing Comment

ID: 39436730
This completely resolved the issue.

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question