Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Internal email message gets sent to unknown recipient outside the company

Posted on 2013-06-20
Medium Priority
Last Modified: 2013-07-08
This is a very weird situation.  This is a Microsoft Exchange Server 2003 Small Business server with Microsoft Outlook 2007 clients.  There are five employees.  Employee A sent an email to the other four people with a nice quote to start the day.  A few days later, Employee A got an email from an unknown person at a reputable consulting company saying thanks for the kind words.  Employee A didn't know who this person was.

When we look at the email in her sent items which was sent at 7:39am on Tuesday, only the four employees are in the To line and no one is CC's or Bcc'd.  The response from the unknown party included the original message and it has the same date and time but this person's email address is included as a fifth recipient.  I double checked Employee A's sent items and this unknown person is NOT on the To: list.

Message tracking was not turned on with this server.  Ugh.  I checked everyone's rules and there are no auto-forwarding rules ... actually no rules of any sort.  I am at a loss as to how this person magically became a recipient when the original email doesn't include her at all.  There is anti-malware on all clients and the server.  The server checks out fine
Question by:Steve Bantz
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 44

Accepted Solution

Amit earned 900 total points
ID: 39263450
Enable the advance logging with option like client IP.

That can show from which client it is being generated.
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 300 total points
ID: 39264183
Without message tracking is almost impossible to know what has happened here. Has anyone in the company had dealings with that other party at all?

Author Comment

by:Steve Bantz
ID: 39264219
I have enabled message tracking now but of course it won't do me any good unless it happens again.  No one knows this person.  I even checked the original sender's outlook.nk2 file and the email address in question is not in there either.  I just have to think it is something that happened with the Exchange server since the address doesn't appear in the original message. It just appears that the address was added AFTER it left the local Outlook client and hit the Exchange server.  There are no open relays or anything like that, but that shouldn't matter.  Somehow, an address was appended to an outgoing email that the sender didn't put in there.  :)

The person outside the company who received the email was from a reputable firm so I don't have any reason to believe malware is involved.  I am just trying to figure out how something like this could even happen.  The company is nervous now so I have to come to some sort of conclusion.
LVL 44

Expert Comment

ID: 39264234
Check with ISP, they might be able to track something for you.

Author Comment

by:Steve Bantz
ID: 39308501
Nothing was found out on this after the fact.  I have turned on message tracking in case this happens again.  I have never seen this before and I have been doing this for 15 years.

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question